From 1f61c67ed46205016cb798dddb4027b931d9c015 Mon Sep 17 00:00:00 2001 From: BrainL Date: Mon, 17 Feb 2025 11:59:37 +0800 Subject: [PATCH 1/9] =?UTF-8?q?=E8=AE=BE=E5=A4=87=E7=BB=91=E5=AE=9A?= =?UTF-8?q?=E5=92=8C=E8=A7=A3=E7=BB=91=E8=83=BD=E5=8A=9B=E5=A2=9E=E5=BC=BA?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: BrainL --- .../src/deviceprofile_connector.cpp | 7 -- .../authentication/auth_message_processor.h | 10 ++ .../authentication/auth_message_processor.cpp | 94 +++++++++++++++++++ .../src/authentication/dm_auth_manager.cpp | 6 ++ 4 files changed, 110 insertions(+), 7 deletions(-) diff --git a/commondependency/src/deviceprofile_connector.cpp b/commondependency/src/deviceprofile_connector.cpp index 6ec0ef91d..630476310 100644 --- a/commondependency/src/deviceprofile_connector.cpp +++ b/commondependency/src/deviceprofile_connector.cpp @@ -394,18 +394,11 @@ std::vector DeviceProfileConnector::SyncAclByBindType(std::string pkgNa CompareBindType(profiles, pkgName, sinkBindType, localDeviceId, targetDeviceId); LOGI("SyncAclByBindType sinkBindType size is %{public}zu", sinkBindType.size()); for (uint32_t sinkIndex = 0; sinkIndex < sinkBindType.size(); sinkIndex++) { - bool deleteAclFlag = true; for (uint32_t srcIndex = 0; srcIndex < bindTypeVec.size(); srcIndex++) { if (sinkBindType[sinkIndex] == bindTypeVec[srcIndex]) { - deleteAclFlag = false; bindType.push_back(bindTypeVec[sinkIndex]); } } - if (deleteAclFlag) { - int32_t deleteIndex = profiles[bindTypeIndex[sinkIndex]].GetAccessControlId(); - DistributedDeviceProfileClient::GetInstance().DeleteAccessControlProfile(deleteIndex); - LOGI("SyncAclByBindType deleteAcl index is %{public}d", deleteIndex); - } } return bindType; } diff --git a/services/implementation/include/authentication/auth_message_processor.h b/services/implementation/include/authentication/auth_message_processor.h index d21279a34..5227d2891 100644 
--- a/services/implementation/include/authentication/auth_message_processor.h +++ b/services/implementation/include/authentication/auth_message_processor.h @@ -77,6 +77,7 @@ constexpr const char* TAG_EDITION = "edition"; constexpr const char* TAG_BUNDLE_NAME = "bundleName"; constexpr const char* TAG_CRYPTIC_MSG = "encryptMsg"; constexpr const char* TAG_PEER_BUNDLE_NAME = "PEER_BUNDLE_NAME"; +constexpr const char* TAG_PROFILES_SIZE = "PROFILES_SIZE"; class DmAuthManager; struct DmAuthRequestContext; @@ -91,8 +92,10 @@ public: int32_t ParseMessage(const std::string &message); void SetRequestContext(std::shared_ptr authRequestContext); void SetResponseContext(std::shared_ptr authResponseContext); + void SetRequestProfiles(std::vector profiles); std::shared_ptr GetResponseContext(); std::shared_ptr GetRequestContext(); + std::vector GetRequestProfiles(); std::string CreateDeviceAuthMessage(int32_t msgType, const uint8_t *data, uint32_t dataLen); void CreateResponseAuthMessageExt(nlohmann::json &json); void ParseAuthResponseMessageExt(nlohmann::json &json); @@ -113,11 +116,17 @@ private: void ParseResponseFinishMessage(nlohmann::json &json); void GetAuthReqMessage(nlohmann::json &json); void ParsePkgNegotiateMessage(const nlohmann::json &json); + void ParseRemoteAcl(const nlohmann::json &json); void CreatePublicKeyMessageExt(nlohmann::json &json); void ParsePublicKeyMessageExt(nlohmann::json &json); void GetJsonObj(nlohmann::json &jsonObj); void CreateReqReCheckMessage(nlohmann::json &jsonObj); void ParseReqReCheckMessage(nlohmann::json &json); + void SyncAclByRemote(DistributedDeviceProfile::AccessControlProfile profile, + int32_t size, const nlohmann::json &json); + void CreateLocalAclParcel(nlohmann::json &json); + void ParseAclFromJson(const nlohmann::json &json, int32_t size, + DistributedDeviceProfile::AccessControlProfile profile, bool &isSame); private: std::weak_ptr authMgr_; 
@@ -128,6 +137,7 @@ private: std::mutex encryptFlagMutex_; bool encryptFlag_ = false; std::shared_ptr cryptoMgr_ = nullptr; + std::vector requestProfiles_; }; } // namespace DistributedHardware } // namespace OHOS diff --git a/services/implementation/src/authentication/auth_message_processor.cpp b/services/implementation/src/authentication/auth_message_processor.cpp index b67246a0b..e02f6c31d 100644 --- a/services/implementation/src/authentication/auth_message_processor.cpp +++ b/services/implementation/src/authentication/auth_message_processor.cpp 
@@ -219,6 +219,28 @@ void AuthMessageProcessor::CreateNegotiateMessage(nlohmann::json &json) json[TAG_EDITION] = authResponseContext_->edition; } +void AuthMessageProcessor::CreateLocalAclParcel(nlohmann::json &json) +{ + for (uint32_t item = 0; item < requestProfiles_.size(); item++) { + std::string accesserDeviceId = "accesserDeviceId" + std::to_string(item); + std::string accesserUserId = "accesserUserId" + std::to_string(item); + std::string accesserAccountId = "accesserAccountId" + std::to_string(item); + std::string accesserTokenId = "accesserTokenId" + std::to_string(item); + std::string accesseeDeviceId = "accesseeDeviceId" + std::to_string(item); + std::string accesseeUserId = "accesseeUserId" + std::to_string(item); + std::string accesseeAccountId = "accesseeAccountId" + std::to_string(item); + std::string accesseeTokenId = "accesseeTokenId" + std::to_string(item); + json[accesserDeviceId] = requestProfiles_.at(item).GetAccesser().GetAccesserDeviceId(); + json[accesserUserId] = requestProfiles_.at(item).GetAccesser().GetAccesserUserId(); + json[accesserAccountId] = requestProfiles_.at(item).GetAccesser().GetAccesserAccountId(); + json[accesserTokenId] = requestProfiles_.at(item).GetAccesser().GetAccesserTokenId(); + json[accesseeDeviceId] = requestProfiles_.at(item).GetAccessee().GetAccesseeDeviceId(); + json[accesseeUserId] = requestProfiles_.at(item).GetAccessee().GetAccesseeUserId(); + json[accesseeAccountId] = requestProfiles_.at(item).GetAccessee().GetAccesseeAccountId(); + json[accesseeTokenId] = requestProfiles_.at(item).GetAccessee().GetAccesseeTokenId(); + } +} + void AuthMessageProcessor::CreateRespNegotiateMessage(nlohmann::json &json) { if (cryptoAdapter_ == nullptr) { 
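Review bot: The per-entry wire keys in CreateLocalAclParcel (`"accesserDeviceId" + std::to_string(item)` and the seven others) are spelled as string literals here and again in ParseAclFromJson, so sender and parser can drift apart without a compile error. Defining the prefixes once beside `TAG_PROFILES_SIZE` in auth_message_processor.h, e.g. `constexpr const char* TAG_ACCESSER_DEVICE_ID = "accesserDeviceId";`, keeps both sides in step. The loop also calls `requestProfiles_.at(item)` eight times per entry; `const auto &acl = requestProfiles_[item];` at the top of the body reads better, and the index is already bounded by `size()`. These entries carry account and token identifiers, so a short comment stating which peer is meant to receive them would be worth adding.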
@@ -602,6 +624,65 @@ void AuthMessageProcessor::ParseNegotiateMessage(const nlohmann::json &json) ParsePkgNegotiateMessage(json); } +void AuthMessageProcessor::ParseRemoteAcl(const nlohmann::json &json) +{ + int32_t profilesSize = 0; + if (IsInt32(json, TAG_PROFILES_SIZE)) { + profilesSize = json[TAG_PROFILES_SIZE].get(); + } + for (uint32_t reqItem = 0; reqItem < requestProfiles_.size(); reqItem++) { + LOGI("ParseRemoteAcl SyncAclByRemote Start."); + SyncAclByRemote(requestProfiles_.at(reqItem), profilesSize, json); + } +} + +void AuthMessageProcessor::ParseAclFromJson(const nlohmann::json &jsonObject, int32_t size, + DistributedDeviceProfile::AccessControlProfile profile, bool &isSame) +{ + for (int32_t item = 0; item < size; item++) { + std::string accesserDeviceId = "accesserDeviceId" + std::to_string(item); + std::string accesserUserId = "accesserUserId" + std::to_string(item); + std::string accesserAccountId = "accesserAccountId" + std::to_string(item); + std::string accesserTokenId = "accesserTokenId" + std::to_string(item); + std::string accesseeDeviceId = "accesseeDeviceId" + std::to_string(item); + std::string accesseeUserId = "accesseeUserId" + std::to_string(item); + std::string accesseeAccountId = "accesseeAccountId" + std::to_string(item); + std::string accesseeTokenId = "accesseeTokenId" + std::to_string(item); + if (!IsString(jsonObject, accesserDeviceId) || !IsInt32(jsonObject, accesserUserId) || + !IsString(jsonObject, accesserAccountId) || !IsInt32(jsonObject, accesserTokenId) || + !IsString(jsonObject, accesseeDeviceId) || !IsInt32(jsonObject, accesseeUserId) || + !IsString(jsonObject, accesseeAccountId) || !IsInt32(jsonObject, accesseeTokenId)) { + isSame = false; + return; + } + if (profile.GetAccesser().GetAccesserDeviceId() != jsonObject[accesserDeviceId].get() || + profile.GetAccesser().GetAccesserUserId() != jsonObject[accesserUserId].get() || + profile.GetAccesser().GetAccesserAccountId() != jsonObject[accesserAccountId].get() || + 
profile.GetAccesser().GetAccesserTokenId() != jsonObject[accesserTokenId].get() || + profile.GetAccessee().GetAccesseeDeviceId() != jsonObject[accesseeDeviceId].get() || + profile.GetAccessee().GetAccesseeUserId() != jsonObject[accesseeUserId].get() || + profile.GetAccessee().GetAccesseeAccountId() != jsonObject[accesseeAccountId].get() || + profile.GetAccessee().GetAccesseeTokenId() != jsonObject[accesseeTokenId].get()) { + isSame = false; + return; + } + } +} + +void AuthMessageProcessor::SyncAclByRemote(DistributedDeviceProfile::AccessControlProfile profile, + int32_t size, const nlohmann::json &json) +{ + bool isSame = true; + if (size == 0) { + isSame = false; + } else { + ParseAclFromJson(json, size, profile, isSame); + } + if (!isSame) { + DeviceProfileConnector::GetInstance().DeleteAccessControlById(profile.GetAccessControlId()); + } +} + void AuthMessageProcessor::ParseRespNegotiateMessage(const nlohmann::json &json) { if (IsBool(json, TAG_IDENTICAL_ACCOUNT)) { @@ -644,6 +725,11 @@ void AuthMessageProcessor::SetResponseContext(std::shared_ptr profiles) +{ + requestProfiles_ = profiles; +} + std::shared_ptr AuthMessageProcessor::GetResponseContext() { return authResponseContext_; @@ -654,6 +740,11 @@ std::shared_ptr AuthMessageProcessor::GetRequestContext() return authRequestContext_; } +std::vector AuthMessageProcessor::GetRequestProfiles() +{ + return requestProfiles_; +} + std::string AuthMessageProcessor::CreateDeviceAuthMessage(int32_t msgType, const uint8_t *data, uint32_t dataLen) { LOGI("CreateDeviceAuthMessage start, msgType %{public}d.", msgType); 
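Review bot: In ParseRemoteAcl, `profilesSize` stays 0 when PROFILES_SIZE is absent or not an int32, and SyncAclByRemote treats `size == 0` as a mismatch, so every entry in `requestProfiles_` is handed to DeleteAccessControlById. A peer that simply omits the field (an older build, for instance) is therefore treated the same as one that reports zero ACLs, while a negative value skips the loop in ParseAclFromJson and keeps everything. I would return before the loop when the tag is missing or negative, e.g. `if (!IsInt32(json, TAG_PROFILES_SIZE)) { LOGE("ParseRemoteAcl no profiles size."); return; }`. The value is peer-supplied and is otherwise used directly as the loop bound, so an upper limit is worth adding as well.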
@@ -675,6 +766,8 @@ void AuthMessageProcessor::CreateReqReCheckMessage(nlohmann::json &jsonObj) jsonTemp[TAG_TOKENID] = authResponseContext_->tokenId; jsonTemp[TAG_BUNDLE_NAME] = authResponseContext_->bundleName; jsonTemp[TAG_BIND_LEVEL] = authResponseContext_->bindLevel; + jsonTemp[TAG_PROFILES_SIZE] = requestProfiles_.size(); + CreateLocalAclParcel(jsonTemp); std::string strTemp = SafetyDump(jsonTemp); std::string encryptStr = ""; CHECK_NULL_VOID(cryptoMgr_); @@ -730,6 +823,7 @@ void AuthMessageProcessor::ParseReqReCheckMessage(nlohmann::json &json) if (IsInt32(jsonObject, TAG_BIND_LEVEL)) { authResponseContext_->localBindLevel = jsonObject[TAG_BIND_LEVEL].get(); } + ParseRemoteAcl(jsonObject); } int32_t AuthMessageProcessor::SaveSessionKey(const uint8_t *sessionKey, const uint32_t keyLen) diff --git a/services/implementation/src/authentication/dm_auth_manager.cpp b/services/implementation/src/authentication/dm_auth_manager.cpp index 1d284dab3..9de888780 100644 --- a/services/implementation/src/authentication/dm_auth_manager.cpp +++ b/services/implementation/src/authentication/dm_auth_manager.cpp @@ -863,6 +863,9 @@ void DmAuthManager::StartNegotiate(const int32_t &sessionId) authResponseContext_->isIdenticalAccount = false; authResponseContext_->edition = DM_VERSION_5_0_3; authMessageProcessor_->SetResponseContext(authResponseContext_); + std::vector profiles = + DeviceProfileConnector::GetInstance().GetAccessControlProfile(); + authMessageProcessor_->SetRequestProfiles(profiles); std::string message = authMessageProcessor_->CreateSimpleMessage(MSG_TYPE_NEGOTIATE); softbusConnector_->GetSoftbusSession()->SendData(sessionId, message); if (timer_ != nullptr) { 
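Review bot: The added `ParseRemoteAcl(jsonObject);` call makes ParseReqReCheckMessage destructive: it can end in DeleteAccessControlById for local ACL entries, driven by fields the peer put in the message. The start of the function is outside this hunk, so I cannot see whether a failed decrypt or JSON parse returns before this line; please confirm it does, so the deletion never runs on unauthenticated or partially parsed input. A comment on the call would help the next reader, for example `// Removes local ACLs the peer no longer reports; reached only after the message decrypted and parsed.`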
@@ -914,6 +917,9 @@ void DmAuthManager::RespNegotiate(const int32_t &sessionId) return; } LOGI("DmAuthManager::RespNegotiate sessionid %{public}d", sessionId); + std::vector profiles = + DeviceProfileConnector::GetInstance().GetAccessControlProfile(); + authMessageProcessor_->SetRequestProfiles(profiles); remoteDeviceId_ = authResponseContext_->localDeviceId; authResponseContext_->networkId = softbusConnector_->GetLocalDeviceNetworkId(); authResponseContext_->targetDeviceName = softbusConnector_->GetLocalDeviceName(); -- Gitee From 70e80d2638551296c6d194c23b580b7c70a286e7 Mon Sep 17 00:00:00 2001 From: BrainL Date: Mon, 17 Feb 2025 16:52:00 +0800 Subject: [PATCH 2/9] format the code Signed-off-by: BrainL --- .../src/authentication/auth_message_processor.cpp | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/services/implementation/src/authentication/auth_message_processor.cpp b/services/implementation/src/authentication/auth_message_processor.cpp index e02f6c31d..9e443bcbc 100644 --- a/services/implementation/src/authentication/auth_message_processor.cpp +++ b/services/implementation/src/authentication/auth_message_processor.cpp @@ -640,6 +640,7 @@ void AuthMessageProcessor::ParseAclFromJson(const nlohmann::json &jsonObject, in DistributedDeviceProfile::AccessControlProfile profile, bool &isSame) { for (int32_t item = 0; item < size; item++) { + bool needDelete = false; std::string accesserDeviceId = "accesserDeviceId" + std::to_string(item); std::string accesserUserId = "accesserUserId" + std::to_string(item); std::string accesserAccountId = "accesserAccountId" + std::to_string(item); 
@@ -652,7 +653,7 @@ void AuthMessageProcessor::ParseAclFromJson(const nlohmann::json &jsonObject, in !IsString(jsonObject, accesserAccountId) || !IsInt32(jsonObject, accesserTokenId) || !IsString(jsonObject, accesseeDeviceId) || !IsInt32(jsonObject, accesseeUserId) || !IsString(jsonObject, accesseeAccountId) || !IsInt32(jsonObject, accesseeTokenId)) { - isSame = false; + LOGE("ParseAclFromJson format error."); return; } if (profile.GetAccesser().GetAccesserDeviceId() != jsonObject[accesserDeviceId].get() || @@ -663,7 +664,11 @@ void AuthMessageProcessor::ParseAclFromJson(const nlohmann::json &jsonObject, in profile.GetAccessee().GetAccesseeUserId() != jsonObject[accesseeUserId].get() || profile.GetAccessee().GetAccesseeAccountId() != jsonObject[accesseeAccountId].get() || profile.GetAccessee().GetAccesseeTokenId() != jsonObject[accesseeTokenId].get()) { + needDelete = true; isSame = false; + } + if (!needDelete) { + isSame = true; return; } } -- Gitee From 5916b998b077d15e33843c0d4ef42bf9b719ed82 Mon Sep 17 00:00:00 2001 From: BrainL Date: Mon, 17 Feb 2025 17:29:11 +0800 Subject: [PATCH 3/9] update isSame logic. Signed-off-by: BrainL --- .../implementation/src/authentication/auth_message_processor.cpp | 1 + 1 file changed, 1 insertion(+) diff --git a/services/implementation/src/authentication/auth_message_processor.cpp b/services/implementation/src/authentication/auth_message_processor.cpp index 9e443bcbc..b23a28f87 100644 --- a/services/implementation/src/authentication/auth_message_processor.cpp +++ b/services/implementation/src/authentication/auth_message_processor.cpp 
@@ -654,6 +654,7 @@ void AuthMessageProcessor::ParseAclFromJson(const nlohmann::json &jsonObject, in !IsString(jsonObject, accesseeDeviceId) || !IsInt32(jsonObject, accesseeUserId) || !IsString(jsonObject, accesseeAccountId) || !IsInt32(jsonObject, accesseeTokenId)) { LOGE("ParseAclFromJson format error."); + isSame = true; return; } if (profile.GetAccesser().GetAccesserDeviceId() != jsonObject[accesserDeviceId].get() || -- Gitee From 114aedf71be03e6390a8a5b9a85f23114edc4648 Mon Sep 17 00:00:00 2001 From: BrainL Date: Sat, 22 Feb 2025 15:54:44 +0800 Subject: [PATCH 4/9] fix code error Signed-off-by: BrainL --- .../authentication/auth_message_processor.h | 2 + .../authentication/auth_message_processor.cpp | 48 ++++++++++++++----- .../src/authentication/dm_auth_manager.cpp | 20 ++++++-- 3 files changed, 54 insertions(+), 16 deletions(-) diff --git a/services/implementation/include/authentication/auth_message_processor.h b/services/implementation/include/authentication/auth_message_processor.h index 5227d2891..c1bb1c91d 100644 --- a/services/implementation/include/authentication/auth_message_processor.h +++ b/services/implementation/include/authentication/auth_message_processor.h @@ -110,6 +110,8 @@ private: void CreateResponseAuthMessage(nlohmann::json &json); void ParseAuthResponseMessage(nlohmann::json &json); int32_t ParseAuthRequestMessage(nlohmann::json &json); + void SyncIdenticalAccountAcl(DistributedDeviceProfile::AccessControlProfile profile, + const nlohmann::json &json, bool &isSame, bool &isDelete, int32_t index); void ParseNegotiateMessage(const nlohmann::json &json); void ParseRespNegotiateMessage(const nlohmann::json &json); void CreateResponseFinishMessage(nlohmann::json &json); diff --git a/services/implementation/src/authentication/auth_message_processor.cpp b/services/implementation/src/authentication/auth_message_processor.cpp index b23a28f87..cf4097671 100644 --- a/services/implementation/src/authentication/auth_message_processor.cpp 
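Review bot: Setting `isSame = true` on the format-error path means a malformed entry from the peer keeps the local ACL and also stops the scan of the remaining entries, which is not obvious from the code. If keeping the ACL on unverifiable input is the intent, say so at the return, e.g. `// Malformed peer entry: keep the local ACL rather than delete on data we cannot validate.` The log line would be more useful with the failing index, `LOGE("ParseAclFromJson format error, item %{public}d.", item);`. The body of ParseAclFromJson continues outside this hunk.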
+++ b/services/implementation/src/authentication/auth_message_processor.cpp @@ -230,6 +230,7 @@ void AuthMessageProcessor::CreateLocalAclParcel(nlohmann::json &json) std::string accesseeUserId = "accesseeUserId" + std::to_string(item); std::string accesseeAccountId = "accesseeAccountId" + std::to_string(item); std::string accesseeTokenId = "accesseeTokenId" + std::to_string(item); + std::string bindType = "bindType" + std::to_string(item); json[accesserDeviceId] = requestProfiles_.at(item).GetAccesser().GetAccesserDeviceId(); json[accesserUserId] = requestProfiles_.at(item).GetAccesser().GetAccesserUserId(); json[accesserAccountId] = requestProfiles_.at(item).GetAccesser().GetAccesserAccountId(); @@ -238,6 +239,7 @@ void AuthMessageProcessor::CreateLocalAclParcel(nlohmann::json &json) json[accesseeUserId] = requestProfiles_.at(item).GetAccessee().GetAccesseeUserId(); json[accesseeAccountId] = requestProfiles_.at(item).GetAccessee().GetAccesseeAccountId(); json[accesseeTokenId] = requestProfiles_.at(item).GetAccessee().GetAccesseeTokenId(); + json[bindType] = requestProfiles_.at(item).GetBindType(); } } @@ -640,7 +642,7 @@ void AuthMessageProcessor::ParseAclFromJson(const nlohmann::json &jsonObject, in DistributedDeviceProfile::AccessControlProfile profile, bool &isSame) { for (int32_t item = 0; item < size; item++) { - bool needDelete = false; + bool isDelete = false; std::string accesserDeviceId = "accesserDeviceId" + std::to_string(item); std::string accesserUserId = "accesserUserId" + std::to_string(item); std::string accesserAccountId = "accesserAccountId" + std::to_string(item); 
@@ -649,6 +651,7 @@ void AuthMessageProcessor::ParseAclFromJson(const nlohmann::json &jsonObject, in std::string accesseeUserId = "accesseeUserId" + std::to_string(item); std::string accesseeAccountId = "accesseeAccountId" + std::to_string(item); std::string accesseeTokenId = "accesseeTokenId" + std::to_string(item); + std::string bindType = "bindType" + std::to_string(item); if (!IsString(jsonObject, accesserDeviceId) || !IsInt32(jsonObject, accesserUserId) || !IsString(jsonObject, accesserAccountId) || !IsInt32(jsonObject, accesserTokenId) || !IsString(jsonObject, accesseeDeviceId) || !IsInt32(jsonObject, accesseeUserId) || 
@@ -657,24 +660,45 @@ void AuthMessageProcessor::ParseAclFromJson(const nlohmann::json &jsonObject, in isSame = true; return; } - if (profile.GetAccesser().GetAccesserDeviceId() != jsonObject[accesserDeviceId].get() || - profile.GetAccesser().GetAccesserUserId() != jsonObject[accesserUserId].get() || - profile.GetAccesser().GetAccesserAccountId() != jsonObject[accesserAccountId].get() || - profile.GetAccesser().GetAccesserTokenId() != jsonObject[accesserTokenId].get() || - profile.GetAccessee().GetAccesseeDeviceId() != jsonObject[accesseeDeviceId].get() || - profile.GetAccessee().GetAccesseeUserId() != jsonObject[accesseeUserId].get() || - profile.GetAccessee().GetAccesseeAccountId() != jsonObject[accesseeAccountId].get() || - profile.GetAccessee().GetAccesseeTokenId() != jsonObject[accesseeTokenId].get()) { - needDelete = true; - isSame = false; + if (profile.GetBindType() == DM_IDENTICAL_ACCOUNT && + jsonObject[bindType].get() == DM_IDENTICAL_ACCOUNT) { + SyncIdenticalAccountAcl(profile, jsonObject, isSame, isDelete, item); + } else { + if (profile.GetAccesser().GetAccesserDeviceId() != jsonObject[accesserDeviceId].get() || + profile.GetAccesser().GetAccesserUserId() != jsonObject[accesserUserId].get() || + profile.GetAccesser().GetAccesserAccountId() != jsonObject[accesserAccountId].get() || + profile.GetAccesser().GetAccesserTokenId() != jsonObject[accesserTokenId].get() || + profile.GetAccessee().GetAccesseeDeviceId() != jsonObject[accesseeDeviceId].get() || + profile.GetAccessee().GetAccesseeUserId() != jsonObject[accesseeUserId].get() || + profile.GetAccessee().GetAccesseeAccountId() != jsonObject[accesseeAccountId].get() || + profile.GetAccessee().GetAccesseeTokenId() != jsonObject[accesseeTokenId].get()) { + isDelete = true; + isSame = false; + } } - if (!needDelete) { + if (!isDelete) { isSame = true; return; } } } +void AuthMessageProcessor::SyncIdenticalAccountAcl(DistributedDeviceProfile::AccessControlProfile profile, + const nlohmann::json &json, bool 
&isSame, bool &isDelete, int32_t index) +{ + std::string accesserDeviceId = "accesserDeviceId" + std::to_string(index); + std::string accesserAccountId = "accesserAccountId" + std::to_string(index); + std::string accesseeDeviceId = "accesseeDeviceId" + std::to_string(index); + std::string accesseeAccountId = "accesseeAccountId" + std::to_string(index); + if (profile.GetAccesser().GetAccesserDeviceId() != jsonObject[accesseeDeviceId].get() || + profile.GetAccessee().GetAccesseeDeviceId() != jsonObject[accesserDeviceId].get() || + profile.GetAccesser().GetAccesserAccountId() != jsonObject[accesseeAccountId].get() || + profile.GetAccessee().GetAccesseeAccountId() != jsonObject[accesserAccountId].get()) { + isDelete = true; + isSame = false; + } +} + void AuthMessageProcessor::SyncAclByRemote(DistributedDeviceProfile::AccessControlProfile profile, int32_t size, const nlohmann::json &json) { diff --git a/services/implementation/src/authentication/dm_auth_manager.cpp b/services/implementation/src/authentication/dm_auth_manager.cpp index 9de888780..514d64109 100644 --- a/services/implementation/src/authentication/dm_auth_manager.cpp +++ b/services/implementation/src/authentication/dm_auth_manager.cpp @@ -863,9 +863,6 @@ void DmAuthManager::StartNegotiate(const int32_t &sessionId) authResponseContext_->isIdenticalAccount = false; authResponseContext_->edition = DM_VERSION_5_0_3; authMessageProcessor_->SetResponseContext(authResponseContext_); - std::vector profiles = - DeviceProfileConnector::GetInstance().GetAccessControlProfile(); - authMessageProcessor_->SetRequestProfiles(profiles); std::string message = authMessageProcessor_->CreateSimpleMessage(MSG_TYPE_NEGOTIATE); softbusConnector_->GetSoftbusSession()->SendData(sessionId, message); if (timer_ != nullptr) { 
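Review bot: SyncIdenticalAccountAcl reports its result through two `bool &` out-parameters, but after the call in ParseAclFromJson `isSame` is always `!isDelete`, so one of them is redundant. Having the helper return `bool` (true when the entry matches) and letting the caller write `isDelete = !matched;` is easier to follow. `profile` is also passed by value into the helper, which copies the whole profile for every remote entry; a `const` reference is enough since it is only read. The helper compares accesser fields against the peer's accessee fields and skips the user and token ids, so a one-line comment explaining why identical-account entries are matched that way would help.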
@@ -919,7 +916,13 @@ void DmAuthManager::RespNegotiate(const int32_t &sessionId) LOGI("DmAuthManager::RespNegotiate sessionid %{public}d", sessionId); std::vector profiles = DeviceProfileConnector::GetInstance().GetAccessControlProfile(); - authMessageProcessor_->SetRequestProfiles(profiles); + std::vector profilesFilter = {}; + for (auth &item : profiles) { + if (item.GetTrustedDeviceId() == authResponseContext_->localDeviceId) { + profilesFilter.push_back(item); + } + } + authMessageProcessor_->SetRequestProfiles(profilesFilter); remoteDeviceId_ = authResponseContext_->localDeviceId; authResponseContext_->networkId = softbusConnector_->GetLocalDeviceNetworkId(); authResponseContext_->targetDeviceName = softbusConnector_->GetLocalDeviceName(); @@ -971,6 +974,15 @@ void DmAuthManager::SendAuthRequest(const int32_t &sessionId) return; } remoteDeviceId_ = authResponseContext_->localDeviceId; + std::vector profiles = + DeviceProfileConnector::GetInstance().GetAccessControlProfile(); + std::vector profilesFilter = {}; + for (auth &item : profiles) { + if (item.GetTrustedDeviceId() == remoteDeviceId_) { + profilesFilter.push_back(item); + } + } + authMessageProcessor_->SetRequestProfiles(profilesFilter); remoteVersion_ = ConvertSinkVersion(authResponseContext_->dmVersion); if (timer_ != nullptr) { timer_->DeleteTimer(std::string(NEGOTIATE_TIMEOUT_TASK)); -- Gitee From d4e40395f6fd100dbd9448627876ef70e538e69c Mon Sep 17 00:00:00 2001 From: BrainL Date: Sat, 22 Feb 2025 16:15:53 +0800 Subject: [PATCH 5/9] code format Signed-off-by: BrainL --- .../authentication/auth_message_processor.h | 2 ++ .../authentication/auth_message_processor.cpp | 36 +++++++++++++------ 2 files changed, 27 insertions(+), 11 deletions(-) diff --git a/services/implementation/include/authentication/auth_message_processor.h b/services/implementation/include/authentication/auth_message_processor.h index c1bb1c91d..dfc9a7462 100644 
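Review bot: The filter in RespNegotiate selects the ACL entries that later become candidates for deletion by comparing against `authResponseContext_->localDeviceId`, which the following `remoteDeviceId_ = authResponseContext_->localDeviceId;` line shows is the peer's device id. If that id comes from the peer's negotiate message (not visible here), the peer decides which entries land in `requestProfiles_`; please confirm it is bound to the identity that is authenticated before ParseRemoteAcl acts on the list. The same loop is repeated in the SendAuthRequest hunk that follows, so a small private helper taking the device id would remove the duplication. Both functions continue outside their hunks.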
--- a/services/implementation/include/authentication/auth_message_processor.h +++ b/services/implementation/include/authentication/auth_message_processor.h @@ -112,6 +112,8 @@ private: int32_t ParseAuthRequestMessage(nlohmann::json &json); void SyncIdenticalAccountAcl(DistributedDeviceProfile::AccessControlProfile profile, const nlohmann::json &json, bool &isSame, bool &isDelete, int32_t index); + void SyncPointToPointAcl(DistributedDeviceProfile::AccessControlProfile profile, + const nlohmann::json &json, bool &isSame, bool &isDelete, int32_t index); void ParseNegotiateMessage(const nlohmann::json &json); void ParseRespNegotiateMessage(const nlohmann::json &json); void CreateResponseFinishMessage(nlohmann::json &json); diff --git a/services/implementation/src/authentication/auth_message_processor.cpp b/services/implementation/src/authentication/auth_message_processor.cpp index cf4097671..8ea4e7c3c 100644 --- a/services/implementation/src/authentication/auth_message_processor.cpp +++ b/services/implementation/src/authentication/auth_message_processor.cpp 
@@ -664,17 +664,7 @@ void AuthMessageProcessor::ParseAclFromJson(const nlohmann::json &jsonObject, in jsonObject[bindType].get() == DM_IDENTICAL_ACCOUNT) { SyncIdenticalAccountAcl(profile, jsonObject, isSame, isDelete, item); } else { - if (profile.GetAccesser().GetAccesserDeviceId() != jsonObject[accesserDeviceId].get() || - profile.GetAccesser().GetAccesserUserId() != jsonObject[accesserUserId].get() || - profile.GetAccesser().GetAccesserAccountId() != jsonObject[accesserAccountId].get() || - profile.GetAccesser().GetAccesserTokenId() != jsonObject[accesserTokenId].get() || - profile.GetAccessee().GetAccesseeDeviceId() != jsonObject[accesseeDeviceId].get() || - profile.GetAccessee().GetAccesseeUserId() != jsonObject[accesseeUserId].get() || - profile.GetAccessee().GetAccesseeAccountId() != jsonObject[accesseeAccountId].get() || - profile.GetAccessee().GetAccesseeTokenId() != jsonObject[accesseeTokenId].get()) { - isDelete = true; - isSame = false; - } + SyncPointToPointAcl(profile, jsonObject, isSame, isDelete, item); } if (!isDelete) { isSame = true; 
@@ -699,6 +689,30 @@ void AuthMessageProcessor::SyncIdenticalAccountAcl(DistributedDeviceProfile::Acc } } +void AuthMessageProcessor::SyncPointToPointAcl(DistributedDeviceProfile::AccessControlProfile profile, + const nlohmann::json &json, bool &isSame, bool &isDelete, int32_t index) +{ + std::string accesserDeviceId = "accesserDeviceId" + std::to_string(index); + std::string accesserUserId = "accesserUserId" + std::to_string(index); + std::string accesserAccountId = "accesserAccountId" + std::to_string(index); + std::string accesserTokenId = "accesserTokenId" + std::to_string(index); + std::string accesseeDeviceId = "accesseeDeviceId" + std::to_string(index); + std::string accesseeUserId = "accesseeUserId" + std::to_string(index); + std::string accesseeAccountId = "accesseeAccountId" + std::to_string(index); + std::string accesseeTokenId = "accesseeTokenId" + std::to_string(index); + if (profile.GetAccesser().GetAccesserDeviceId() != jsonObject[accesserDeviceId].get() || + profile.GetAccesser().GetAccesserUserId() != jsonObject[accesserUserId].get() || + profile.GetAccesser().GetAccesserAccountId() != jsonObject[accesserAccountId].get() || + profile.GetAccesser().GetAccesserTokenId() != jsonObject[accesserTokenId].get() || + profile.GetAccessee().GetAccesseeDeviceId() != jsonObject[accesseeDeviceId].get() || + profile.GetAccessee().GetAccesseeUserId() != jsonObject[accesseeUserId].get() || + profile.GetAccessee().GetAccesseeAccountId() != jsonObject[accesseeAccountId].get() || + profile.GetAccessee().GetAccesseeTokenId() != jsonObject[accesseeTokenId].get()) { + isDelete = true; + isSame = false; + } +} + void AuthMessageProcessor::SyncAclByRemote(DistributedDeviceProfile::AccessControlProfile profile, int32_t size, const nlohmann::json &json) { -- Gitee From ff046ced3cc86624511fac69de6c59684871bc9d Mon Sep 17 00:00:00 2001 From: BrainL Date: Sat, 22 Feb 2025 16:38:12 +0800 Subject: [PATCH 6/9] check parse 
Signed-off-by: BrainL --- .../src/authentication/auth_message_processor.cpp | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/services/implementation/src/authentication/auth_message_processor.cpp b/services/implementation/src/authentication/auth_message_processor.cpp index 8ea4e7c3c..ace98041a 100644 --- a/services/implementation/src/authentication/auth_message_processor.cpp +++ b/services/implementation/src/authentication/auth_message_processor.cpp @@ -655,7 +655,8 @@ void AuthMessageProcessor::ParseAclFromJson(const nlohmann::json &jsonObject, in if (!IsString(jsonObject, accesserDeviceId) || !IsInt32(jsonObject, accesserUserId) || !IsString(jsonObject, accesserAccountId) || !IsInt32(jsonObject, accesserTokenId) || !IsString(jsonObject, accesseeDeviceId) || !IsInt32(jsonObject, accesseeUserId) || - !IsString(jsonObject, accesseeAccountId) || !IsInt32(jsonObject, accesseeTokenId)) { + !IsString(jsonObject, accesseeAccountId) || !IsInt32(jsonObject, accesseeTokenId) || + !IsInt32(jsonObject, bindType)) { LOGE("ParseAclFromJson format error."); isSame = true; return; -- Gitee From 50e6dca7bf5049797a57efb32e9c778b76e35d9a Mon Sep 17 00:00:00 2001 From: BrainL Date: Sat, 22 Feb 2025 16:59:25 +0800 Subject: [PATCH 7/9] update code param Signed-off-by: BrainL --- .../src/authentication/auth_message_processor.cpp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/services/implementation/src/authentication/auth_message_processor.cpp b/services/implementation/src/authentication/auth_message_processor.cpp index ace98041a..bca54b3e2 100644 --- a/services/implementation/src/authentication/auth_message_processor.cpp +++ b/services/implementation/src/authentication/auth_message_processor.cpp 
@@ -675,7 +675,7 @@ void AuthMessageProcessor::ParseAclFromJson(const nlohmann::json &jsonObject, in } void AuthMessageProcessor::SyncIdenticalAccountAcl(DistributedDeviceProfile::AccessControlProfile profile, - const nlohmann::json &json, bool &isSame, bool &isDelete, int32_t index) + const nlohmann::json &jsonObject, bool &isSame, bool &isDelete, int32_t index) { std::string accesserDeviceId = "accesserDeviceId" + std::to_string(index); std::string accesserAccountId = "accesserAccountId" + std::to_string(index); @@ -691,7 +691,7 @@ void AuthMessageProcessor::SyncIdenticalAccountAcl(DistributedDeviceProfile::Acc } void AuthMessageProcessor::SyncPointToPointAcl(DistributedDeviceProfile::AccessControlProfile profile, - const nlohmann::json &json, bool &isSame, bool &isDelete, int32_t index) + const nlohmann::json &jsonObject, bool &isSame, bool &isDelete, int32_t index) { std::string accesserDeviceId = "accesserDeviceId" + std::to_string(index); std::string accesserUserId = "accesserUserId" + std::to_string(index); -- Gitee From 4a0c3ed3a3fdb7658a376e7a9b293f5dcb797d94 Mon Sep 17 00:00:00 2001 From: BrainL Date: Sat, 22 Feb 2025 17:08:35 +0800 Subject: [PATCH 8/9] change method parameter Signed-off-by: BrainL --- .../implementation/src/authentication/dm_auth_manager.cpp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/services/implementation/src/authentication/dm_auth_manager.cpp b/services/implementation/src/authentication/dm_auth_manager.cpp index 514d64109..c795f9a4b 100644 --- a/services/implementation/src/authentication/dm_auth_manager.cpp +++ b/services/implementation/src/authentication/dm_auth_manager.cpp 
@@ -917,7 +917,7 @@ void DmAuthManager::RespNegotiate(const int32_t &sessionId) std::vector profiles = DeviceProfileConnector::GetInstance().GetAccessControlProfile(); std::vector profilesFilter = {}; - for (auth &item : profiles) { + for (auto &item : profiles) { if (item.GetTrustedDeviceId() == authResponseContext_->localDeviceId) { profilesFilter.push_back(item); } @@ -977,7 +977,7 @@ void DmAuthManager::SendAuthRequest(const int32_t &sessionId) std::vector profiles = DeviceProfileConnector::GetInstance().GetAccessControlProfile(); std::vector profilesFilter = {}; - for (auth &item : profiles) { + for (auto &item : profiles) { if (item.GetTrustedDeviceId() == remoteDeviceId_) { profilesFilter.push_back(item); } -- Gitee From 42b79590d3e75c3862156e60c4b9a58783f13f90 Mon Sep 17 00:00:00 2001 From: BrainL Date: Sat, 22 Feb 2025 17:35:47 +0800 Subject: [PATCH 9/9] =?UTF-8?q?=E5=8F=97=E4=BF=A1=E4=BB=BB=E8=AE=BE?= =?UTF-8?q?=E5=A4=87=E6=95=B4=E6=94=B9?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: BrainL --- .../implementation/src/authentication/dm_auth_manager.cpp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/services/implementation/src/authentication/dm_auth_manager.cpp b/services/implementation/src/authentication/dm_auth_manager.cpp index c795f9a4b..cd47aa505 100644 --- a/services/implementation/src/authentication/dm_auth_manager.cpp +++ b/services/implementation/src/authentication/dm_auth_manager.cpp @@ -918,7 +918,7 @@ void DmAuthManager::RespNegotiate(const int32_t &sessionId) DeviceProfileConnector::GetInstance().GetAccessControlProfile(); std::vector profilesFilter = {}; for (auto &item : profiles) { - if (item.GetTrustedDeviceId() == authResponseContext_->localDeviceId) { + if (item.GetTrustDeviceId() == authResponseContext_->localDeviceId) { profilesFilter.push_back(item); } } 
@@ -978,7 +978,7 @@ void DmAuthManager::SendAuthRequest(const int32_t &sessionId) DeviceProfileConnector::GetInstance().GetAccessControlProfile(); std::vector profilesFilter = {}; for (auto &item : profiles) { - if (item.GetTrustedDeviceId() == remoteDeviceId_) { + if (item.GetTrustDeviceId() == remoteDeviceId_) { profilesFilter.push_back(item); } } -- Gitee