Update libuweave/macaroon code
Added a delegation timestamp to the access token to match the changed
macaroon validation logic.
BUG: 26728665
Change-Id: I131b92b0e0b1b2274d80bdc0b5790a8c05071ec5
Reviewed-on: https://weave-review.googlesource.com/2467
Reviewed-by: Vitaly Buka <vitalybuka@google.com>
diff --git a/third_party/libuweave/src/macaroon.c b/third_party/libuweave/src/macaroon.c
index 80e5933..c823804 100644
--- a/third_party/libuweave/src/macaroon.c
+++ b/third_party/libuweave/src/macaroon.c
@@ -124,29 +124,32 @@
static void init_validation_result(UwMacaroonValidationResult* result) {
// Start from the largest scope
- result->granted_scope = kUwMacaroonCaveatScopeTypeOwner;
- result->expiration_time = UINT32_MAX;
- result->weave_app_restricted = false;
- result->lan_session_id = NULL;
- result->lan_session_id_len = 0;
- result->num_delegatees = 0;
+ *result = (UwMacaroonValidationResult){
+ .granted_scope = kUwMacaroonCaveatScopeTypeOwner,
+ .expiration_time = UINT32_MAX,
+ };
}
/** Reset the result object to the lowest scope when encountering errors */
static void reset_validation_result(UwMacaroonValidationResult* result) {
- // Start from the largest scope or highest privilege
- result->granted_scope = 0;
- result->expiration_time = 0;
- result->weave_app_restricted = true;
- result->lan_session_id = NULL;
- result->lan_session_id_len = 0;
+ *result = (UwMacaroonValidationResult){
+ .weave_app_restricted = true,
+ .granted_scope = UW_MACAROON_CAVEAT_SCOPE_LOWEST_POSSIBLE};
+}
- result->num_delegatees = 0;
- for (size_t i = 0; i < MAX_NUM_DELEGATEES; i++) {
- result->delegatees[i].id = NULL;
- result->delegatees[i].id_len = 0;
- result->delegatees[i].type = kUwMacaroonDelegateeTypeNone;
+/** Get the next closest scope (to the narrower side). */
+static UwMacaroonCaveatScopeType get_closest_scope(
+ UwMacaroonCaveatScopeType scope) {
+ if (scope <= kUwMacaroonCaveatScopeTypeOwner) {
+ return kUwMacaroonCaveatScopeTypeOwner;
+ } else if (scope <= kUwMacaroonCaveatScopeTypeManager) {
+ return kUwMacaroonCaveatScopeTypeManager;
+ } else if (scope <= kUwMacaroonCaveatScopeTypeUser) {
+ return kUwMacaroonCaveatScopeTypeUser;
+ } else if (scope <= kUwMacaroonCaveatScopeTypeViewer) {
+ return kUwMacaroonCaveatScopeTypeViewer;
}
+ return scope;
}
bool uw_macaroon_validate_(const UwMacaroon* macaroon,
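Review bot: get_closest_scope returns any value numerically above kUwMacaroonCaveatScopeTypeViewer unchanged, so granted_scope can still come out of validation holding a value that is not one of the four named scopes, and the doc comment does not say so. The comment's "to the narrower side" also relies on a larger number meaning a narrower scope, which is how the comparisons read but is not stated anywhere in the hunk. I would extend the comment to something like `/** Round scope up to the nearest defined scope (larger value = narrower). Values past Viewer are returned unchanged; callers must not treat them as any named scope. */`. The same point applies to the call added before `return true` in the second hunk, where this is the last step before the result reaches the caller; uw_macaroon_validate_ only begins on this hunk's last line and its body lies outside the visible lines.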
@@ -178,6 +181,7 @@
}
}
+ result->granted_scope = get_closest_scope(result->granted_scope);
return true;
}