1 /*
2 * Copyright (c) 2023 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "domain_account_stub.h"
17
18 #include <securec.h>
19 #include <set>
20 #include "account_log_wrapper.h"
21 #include "account_permission_manager.h"
22 #include "domain_account_callback_proxy.h"
23 #include "ipc_skeleton.h"
24 #include "memory_guard.h"
25
26 namespace OHOS {
27 namespace AccountSA {
28 namespace {
29 const char MANAGE_LOCAL_ACCOUNTS[] = "ohos.permission.MANAGE_LOCAL_ACCOUNTS";
30 const char MANAGE_DOMAIN_ACCOUNTS[] = "ohos.permission.MANAGE_DOMAIN_ACCOUNTS";
31 const char GET_LOCAL_ACCOUNTS[] = "ohos.permission.GET_LOCAL_ACCOUNTS";
32 const char ACCESS_USER_AUTH_INTERNAL[] = "ohos.permission.ACCESS_USER_AUTH_INTERNAL";
33 const char GET_DOMAIN_ACCOUNTS[] = "ohos.permission.GET_DOMAIN_ACCOUNTS";
34 const char INTERACT_ACROSS_LOCAL_ACCOUNTS[] = "ohos.permission.INTERACT_ACROSS_LOCAL_ACCOUNTS";
35 const char MANAGE_DOMAIN_ACCOUNT_SERVER_CONFIGS[] = "ohos.permission.MANAGE_DOMAIN_ACCOUNT_SERVER_CONFIGS";
36 }
37
38 static const std::set<DomainAccountInterfaceCode> NON_SYSTEM_API_SET = {
39 DomainAccountInterfaceCode::DOMAIN_UPDATE_ACCOUNT_INFO,
40 DomainAccountInterfaceCode::UPDATE_SERVER_CONFIG,
41 DomainAccountInterfaceCode::GET_SERVER_CONFIG,
42 DomainAccountInterfaceCode::GET_ALL_SERVER_CONFIGS,
43 DomainAccountInterfaceCode::ADD_SERVER_CONFIG,
44 DomainAccountInterfaceCode::REMOVE_SERVER_CONFIG,
45 DomainAccountInterfaceCode::GET_ACCOUNT_SERVER_CONFIG,
46 };
47
48 static const std::map<DomainAccountInterfaceCode, DomainAccountStub::DomainAccountStubFunc> stubFuncMap = {
49 {
50 DomainAccountInterfaceCode::REGISTER_PLUGIN,
__anon17152d7d0202() 51 [] (DomainAccountStub *ptr, MessageParcel &data, MessageParcel &reply) {
52 return ptr->ProcRegisterPlugin(data, reply); }
53 },
54 {
55 DomainAccountInterfaceCode::UNREGISTER_PLUGIN,
__anon17152d7d0302() 56 [] (DomainAccountStub *ptr, MessageParcel &data, MessageParcel &reply) {
57 return ptr->ProcUnregisterPlugin(data, reply); }
58 },
59 {
60 DomainAccountInterfaceCode::DOMAIN_AUTH,
__anon17152d7d0402() 61 [] (DomainAccountStub *ptr, MessageParcel &data, MessageParcel &reply) {
62 return ptr->ProcAuth(data, reply); }
63 },
64 {
65 DomainAccountInterfaceCode::DOMAIN_AUTH_USER,
__anon17152d7d0502() 66 [] (DomainAccountStub *ptr, MessageParcel &data, MessageParcel &reply) {
67 return ptr->ProcAuthUser(data, reply); }
68 },
69 {
70 DomainAccountInterfaceCode::DOMAIN_ACCOUNT_STATUS_ENQUIRY,
__anon17152d7d0602() 71 [] (DomainAccountStub *ptr, MessageParcel &data, MessageParcel &reply) {
72 return ptr->ProcGetAccountStatus(data, reply); }
73 },
74 {
75 DomainAccountInterfaceCode::DOMAIN_ACCOUNT_STATUS_LISTENER_REGISTER,
__anon17152d7d0702() 76 [] (DomainAccountStub *ptr, MessageParcel &data, MessageParcel &reply) {
77 return ptr->ProcRegisterAccountStatusListener(data, reply); }
78 },
79 {
80 DomainAccountInterfaceCode::DOMAIN_ACCOUNT_STATUS_LISTENER_UNREGISTER,
__anon17152d7d0802() 81 [] (DomainAccountStub *ptr, MessageParcel &data, MessageParcel &reply) {
82 return ptr->ProcUnregisterAccountStatusListener(data, reply); }
83 },
84 {
85 DomainAccountInterfaceCode::DOMAIN_AUTH_WITH_POPUP,
__anon17152d7d0902() 86 [] (DomainAccountStub *ptr, MessageParcel &data, MessageParcel &reply) {
87 return ptr->ProcAuthWithPopup(data, reply); }
88 },
89 {
90 DomainAccountInterfaceCode::DOMAIN_HAS_DOMAIN_ACCOUNT,
__anon17152d7d0a02() 91 [] (DomainAccountStub *ptr, MessageParcel &data, MessageParcel &reply) {
92 return ptr->ProcHasDomainAccount(data, reply); }
93 },
94 {
95 DomainAccountInterfaceCode::DOMAIN_UPDATE_ACCOUNT_TOKEN,
__anon17152d7d0b02() 96 [] (DomainAccountStub *ptr, MessageParcel &data, MessageParcel &reply) {
97 return ptr->ProcUpdateAccountToken(data, reply); }
98 },
99 {
100 DomainAccountInterfaceCode::DOMAIN_IS_AUTHENTICATION_EXPIRED,
__anon17152d7d0c02() 101 [] (DomainAccountStub *ptr, MessageParcel &data, MessageParcel &reply) {
102 return ptr->ProcIsAuthenticationExpired(data, reply); }
103 },
104 {
105 DomainAccountInterfaceCode::DOMAIN_SET_ACCOUNT_POLICY,
__anon17152d7d0d02() 106 [] (DomainAccountStub *ptr, MessageParcel &data, MessageParcel &reply) {
107 return ptr->ProcSetAccountPolicy(data, reply); }
108 },
109 {
110 DomainAccountInterfaceCode::DOMAIN_GET_ACCESS_TOKEN,
__anon17152d7d0e02() 111 [] (DomainAccountStub *ptr, MessageParcel &data, MessageParcel &reply) {
112 return ptr->ProcGetDomainAccessToken(data, reply); }
113 },
114 {
115 DomainAccountInterfaceCode::DOMAIN_GET_ACCOUNT_INFO,
__anon17152d7d0f02() 116 [] (DomainAccountStub *ptr, MessageParcel &data, MessageParcel &reply) {
117 return ptr->ProcGetDomainAccountInfo(data, reply); }
118 },
119 {
120 DomainAccountInterfaceCode::ADD_SERVER_CONFIG,
__anon17152d7d1002() 121 [] (DomainAccountStub *ptr, MessageParcel &data, MessageParcel &reply) {
122 return ptr->ProcAddServerConfig(data, reply); }
123 },
124 {
125 DomainAccountInterfaceCode::REMOVE_SERVER_CONFIG,
__anon17152d7d1102() 126 [] (DomainAccountStub *ptr, MessageParcel &data, MessageParcel &reply) {
127 return ptr->ProcRemoveServerConfig(data, reply); }
128 },
129 {
130 DomainAccountInterfaceCode::UPDATE_SERVER_CONFIG,
__anon17152d7d1202() 131 [] (DomainAccountStub *ptr, MessageParcel &data, MessageParcel &reply) {
132 return ptr->ProcUpdateServerConfig(data, reply); }
133 },
134 {
135 DomainAccountInterfaceCode::GET_SERVER_CONFIG,
__anon17152d7d1302() 136 [] (DomainAccountStub *ptr, MessageParcel &data, MessageParcel &reply) {
137 return ptr->ProcGetServerConfig(data, reply); }
138 },
139 {
140 DomainAccountInterfaceCode::GET_ALL_SERVER_CONFIGS,
__anon17152d7d1402() 141 [] (DomainAccountStub *ptr, MessageParcel &data, MessageParcel &reply) {
142 return ptr->ProcGetAllServerConfigs(data, reply); }
143 },
144 {
145 DomainAccountInterfaceCode::GET_ACCOUNT_SERVER_CONFIG,
__anon17152d7d1502() 146 [] (DomainAccountStub *ptr, MessageParcel &data, MessageParcel &reply) {
147 return ptr->ProcGetAccountServerConfig(data, reply); }
148 },
149 {
150 DomainAccountInterfaceCode::DOMAIN_UPDATE_ACCOUNT_INFO,
__anon17152d7d1602() 151 [] (DomainAccountStub *ptr, MessageParcel &data, MessageParcel &reply) {
152 return ptr->ProcUpdateAccountInfo(data, reply); }
153 },
154 {
155 DomainAccountInterfaceCode::DOMAIN_GET_ACCOUNT_POLICY,
__anon17152d7d1702() 156 [] (DomainAccountStub *ptr, MessageParcel &data, MessageParcel &reply) {
157 return ptr->ProcGetAccountPolicy(data, reply); }
158 },
159 };
160
DomainAccountStub()161 DomainAccountStub::DomainAccountStub()
162 {}
163
~DomainAccountStub()164 DomainAccountStub::~DomainAccountStub()
165 {}
166
OnRemoteRequest(uint32_t code,MessageParcel & data,MessageParcel & reply,MessageOption & option)167 int32_t DomainAccountStub::OnRemoteRequest(
168 uint32_t code, MessageParcel &data, MessageParcel &reply, MessageOption &option)
169 {
170 MemoryGuard cacheGuard;
171 int32_t uid = IPCSkeleton::GetCallingUid();
172 ACCOUNT_LOGI("Received stub message: %{public}d, callingUid: %{public}d, callingPid: %{public}d", code, uid,
173 IPCSkeleton::GetCallingRealPid());
174 ErrCode errCode = CheckPermission(static_cast<DomainAccountInterfaceCode>(code), uid);
175 if (errCode != ERR_OK) {
176 ACCOUNT_LOGE("check permission failed");
177 return errCode;
178 }
179 if (data.ReadInterfaceToken() != GetDescriptor()) {
180 ACCOUNT_LOGE("check descriptor failed! code %{public}u.", code);
181 return ERR_ACCOUNT_COMMON_CHECK_DESCRIPTOR_ERROR;
182 }
183 const auto &itFunc = stubFuncMap.find(static_cast<DomainAccountInterfaceCode>(code));
184 if (itFunc != stubFuncMap.end()) {
185 return (itFunc->second)(this, data, reply);
186 }
187 ACCOUNT_LOGW("remote request unhandled: %{public}d", code);
188 return IPCObjectStub::OnRemoteRequest(code, data, reply, option);
189 }
190
ProcHasDomainAccount(MessageParcel & data,MessageParcel & reply)191 ErrCode DomainAccountStub::ProcHasDomainAccount(MessageParcel &data, MessageParcel &reply)
192 {
193 std::shared_ptr<DomainAccountInfo> info(data.ReadParcelable<DomainAccountInfo>());
194 if (info == nullptr) {
195 ACCOUNT_LOGE("failed to read domain account info");
196 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
197 }
198 auto callback = iface_cast<IDomainAccountCallback>(data.ReadRemoteObject());
199 if (callback == nullptr) {
200 ACCOUNT_LOGE("failed to read domain callback");
201 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
202 }
203 ErrCode result = HasDomainAccount(*info, callback);
204 if (!reply.WriteInt32(result)) {
205 ACCOUNT_LOGE("failed to write reply, result %{public}d.", result);
206 return IPC_STUB_WRITE_PARCEL_ERR;
207 }
208 return ERR_NONE;
209 }
210
ProcUpdateAccountToken(MessageParcel & data,MessageParcel & reply)211 ErrCode DomainAccountStub::ProcUpdateAccountToken(MessageParcel &data, MessageParcel &reply)
212 {
213 std::shared_ptr<DomainAccountInfo> info(data.ReadParcelable<DomainAccountInfo>());
214 if (info == nullptr) {
215 ACCOUNT_LOGE("failed to read domain account info");
216 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
217 }
218 std::vector<uint8_t> token;
219 if (!data.ReadUInt8Vector(&token)) {
220 ACCOUNT_LOGE("fail to read token");
221 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
222 }
223 ErrCode result = UpdateAccountToken(*info, token);
224 if (!reply.WriteInt32(result)) {
225 ACCOUNT_LOGE("failed to write reply, result %{public}d.", result);
226 return IPC_STUB_WRITE_PARCEL_ERR;
227 }
228 return ERR_NONE;
229 }
230
ProcIsAuthenticationExpired(MessageParcel & data,MessageParcel & reply)231 ErrCode DomainAccountStub::ProcIsAuthenticationExpired(MessageParcel &data, MessageParcel &reply)
232 {
233 std::shared_ptr<DomainAccountInfo> info(data.ReadParcelable<DomainAccountInfo>());
234 if (info == nullptr) {
235 ACCOUNT_LOGE("Read DomainAccountInfo failed.");
236 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
237 }
238 bool isExpired = true;
239 ErrCode result = IsAuthenticationExpired(*info, isExpired);
240 if (!reply.WriteInt32(result)) {
241 ACCOUNT_LOGE("Write reply failed.");
242 return ERR_ACCOUNT_COMMON_WRITE_PARCEL_ERROR;
243 }
244 if (result != ERR_OK) {
245 ACCOUNT_LOGE("IsAuthenticationExpired failed %{public}d.", result);
246 return result;
247 }
248 if (!reply.WriteBool(isExpired)) {
249 ACCOUNT_LOGE("Write isExpired failed.");
250 return ERR_ACCOUNT_COMMON_WRITE_PARCEL_ERROR;
251 }
252 return ERR_OK;
253 }
254
ProcSetAccountPolicy(MessageParcel & data,MessageParcel & reply)255 ErrCode DomainAccountStub::ProcSetAccountPolicy(MessageParcel &data, MessageParcel &reply)
256 {
257 std::shared_ptr<DomainAccountInfo> info(data.ReadParcelable<DomainAccountInfo>());
258 if (info == nullptr) {
259 ACCOUNT_LOGE("failed to read domain account info");
260 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
261 }
262 std::string policy;
263 if (!data.ReadString(policy)) {
264 ACCOUNT_LOGE("Read threshold failed.");
265 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
266 }
267 ErrCode result = SetAccountPolicy(*info, policy);
268 if (!reply.WriteInt32(result)) {
269 ACCOUNT_LOGE("Write reply failed.");
270 return ERR_ACCOUNT_COMMON_WRITE_PARCEL_ERROR;
271 }
272 return ERR_OK;
273 }
274
ProcGetAccountPolicy(MessageParcel & data,MessageParcel & reply)275 ErrCode DomainAccountStub::ProcGetAccountPolicy(MessageParcel &data, MessageParcel &reply)
276 {
277 std::shared_ptr<DomainAccountInfo> info(data.ReadParcelable<DomainAccountInfo>());
278 if (info == nullptr) {
279 ACCOUNT_LOGE("failed to read domain account info");
280 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
281 }
282 std::string policy;
283 ErrCode result = GetAccountPolicy(*info, policy);
284 if (!reply.WriteInt32(result)) {
285 ACCOUNT_LOGE("Write reply failed.");
286 return ERR_ACCOUNT_COMMON_WRITE_PARCEL_ERROR;
287 }
288 if (result != ERR_OK) {
289 ACCOUNT_LOGE("GetAccountPolicy failed %{public}d.", result);
290 return result;
291 }
292 if (!reply.WriteString(policy)) {
293 ACCOUNT_LOGE("Write reply policy failed.");
294 return ERR_ACCOUNT_COMMON_WRITE_PARCEL_ERROR;
295 }
296 return ERR_OK;
297 }
298
ProcRegisterPlugin(MessageParcel & data,MessageParcel & reply)299 ErrCode DomainAccountStub::ProcRegisterPlugin(MessageParcel &data, MessageParcel &reply)
300 {
301 auto plugin = iface_cast<IDomainAccountPlugin>(data.ReadRemoteObject());
302 if (plugin == nullptr) {
303 ACCOUNT_LOGE("Failed to read plugin");
304 return IPC_STUB_WRITE_PARCEL_ERR;
305 }
306 ErrCode result = RegisterPlugin(plugin);
307 if (!reply.WriteInt32(result)) {
308 ACCOUNT_LOGE("failed to write result");
309 return IPC_STUB_WRITE_PARCEL_ERR;
310 }
311 return ERR_NONE;
312 }
313
ProcUnregisterPlugin(MessageParcel & data,MessageParcel & reply)314 ErrCode DomainAccountStub::ProcUnregisterPlugin(MessageParcel &data, MessageParcel &reply)
315 {
316 ErrCode result = UnregisterPlugin();
317 if (!reply.WriteInt32(result)) {
318 ACCOUNT_LOGE("fail to write result");
319 return IPC_STUB_WRITE_PARCEL_ERR;
320 }
321 return ERR_NONE;
322 }
323
ProcAuth(MessageParcel & data,MessageParcel & reply)324 ErrCode DomainAccountStub::ProcAuth(MessageParcel &data, MessageParcel &reply)
325 {
326 DomainAccountInfo info;
327 if (!data.ReadString(info.accountName_)) {
328 ACCOUNT_LOGE("fail to read name");
329 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
330 }
331 if (!data.ReadString(info.domain_)) {
332 ACCOUNT_LOGE("fail to read domain");
333 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
334 }
335 std::vector<uint8_t> password;
336 if (!data.ReadUInt8Vector(&password)) {
337 ACCOUNT_LOGE("fail to read password");
338 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
339 }
340 if (!data.ReadString(info.serverConfigId_)) {
341 ACCOUNT_LOGE("fail to read serverConfigId");
342 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
343 }
344 auto callback = iface_cast<IDomainAccountCallback>(data.ReadRemoteObject());
345 ErrCode result = ERR_ACCOUNT_COMMON_INVALID_PARAMETER;
346 if (callback == nullptr) {
347 ACCOUNT_LOGE("callback is nullptr");
348 } else {
349 result = Auth(info, password, callback);
350 }
351 (void)memset_s(password.data(), password.size(), 0, password.size());
352 if (!reply.WriteInt32(result)) {
353 ACCOUNT_LOGE("failed to write auth result");
354 return IPC_STUB_WRITE_PARCEL_ERR;
355 }
356 return ERR_NONE;
357 }
358
ProcGetAccountStatus(MessageParcel & data,MessageParcel & reply)359 ErrCode DomainAccountStub::ProcGetAccountStatus(MessageParcel &data, MessageParcel &reply)
360 {
361 std::shared_ptr<DomainAccountInfo> info(data.ReadParcelable<DomainAccountInfo>());
362 if (info == nullptr) {
363 ACCOUNT_LOGE("failed to read domain account info");
364 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
365 }
366 DomainAccountStatus status;
367 ErrCode result = GetAccountStatus(*info, status);
368 if (!reply.WriteInt32(result)) {
369 ACCOUNT_LOGE("failed to write result");
370 return IPC_STUB_WRITE_PARCEL_ERR;
371 }
372 if (!reply.WriteInt32(status)) {
373 ACCOUNT_LOGE("failed to write status");
374 return IPC_STUB_WRITE_PARCEL_ERR;
375 }
376 return ERR_NONE;
377 }
378
ProcGetDomainAccountInfo(MessageParcel & data,MessageParcel & reply)379 ErrCode DomainAccountStub::ProcGetDomainAccountInfo(MessageParcel &data, MessageParcel &reply)
380 {
381 std::shared_ptr<DomainAccountInfo> info(data.ReadParcelable<DomainAccountInfo>());
382 if (info == nullptr) {
383 ACCOUNT_LOGE("failed to read domain account info");
384 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
385 }
386 auto callback = iface_cast<IDomainAccountCallback>(data.ReadRemoteObject());
387 if (callback == nullptr) {
388 ACCOUNT_LOGE("failed to read domain callback");
389 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
390 }
391 ErrCode result = GetDomainAccountInfo(*info, callback);
392 if (!reply.WriteInt32(result)) {
393 ACCOUNT_LOGE("failed to write reply, result %{public}d.", result);
394 return IPC_STUB_WRITE_PARCEL_ERR;
395 }
396 return ERR_NONE;
397 }
398
ProcUpdateAccountInfo(MessageParcel & data,MessageParcel & reply)399 ErrCode DomainAccountStub::ProcUpdateAccountInfo(MessageParcel &data, MessageParcel &reply)
400 {
401 std::shared_ptr<DomainAccountInfo> oldAccountInfo(data.ReadParcelable<DomainAccountInfo>());
402 if (oldAccountInfo == nullptr) {
403 ACCOUNT_LOGE("Failed to read oldAccountInfo");
404 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
405 }
406 std::shared_ptr<DomainAccountInfo> newAccountInfo(data.ReadParcelable<DomainAccountInfo>());
407 if (newAccountInfo == nullptr) {
408 ACCOUNT_LOGE("Failed to read newAccountInfo");
409 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
410 }
411 ErrCode result = UpdateAccountInfo(*oldAccountInfo, *newAccountInfo);
412 if (!reply.WriteInt32(result)) {
413 ACCOUNT_LOGE("Failed to write reply, result %{public}d.", result);
414 return IPC_STUB_WRITE_PARCEL_ERR;
415 }
416 return ERR_NONE;
417 }
418
ProcRegisterAccountStatusListener(MessageParcel & data,MessageParcel & reply)419 ErrCode DomainAccountStub::ProcRegisterAccountStatusListener(MessageParcel &data, MessageParcel &reply)
420 {
421 auto callback = iface_cast<IDomainAccountCallback>(data.ReadRemoteObject());
422 if (callback == nullptr) {
423 ACCOUNT_LOGE("failed to read domain callback");
424 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
425 }
426 ErrCode result = RegisterAccountStatusListener(callback);
427 if (!reply.WriteInt32(result)) {
428 ACCOUNT_LOGE("failed to write reply, result %{public}d.", result);
429 return IPC_STUB_WRITE_PARCEL_ERR;
430 }
431
432 return ERR_OK;
433 }
434
ProcUnregisterAccountStatusListener(MessageParcel & data,MessageParcel & reply)435 ErrCode DomainAccountStub::ProcUnregisterAccountStatusListener(MessageParcel &data, MessageParcel &reply)
436 {
437 auto callback = iface_cast<IDomainAccountCallback>(data.ReadRemoteObject());
438 if (callback == nullptr) {
439 ACCOUNT_LOGE("failed to read domain callback");
440 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
441 }
442 ErrCode result = UnregisterAccountStatusListener(callback);
443 if (!reply.WriteInt32(result)) {
444 ACCOUNT_LOGE("failed to write reply, result %{public}d.", result);
445 return IPC_STUB_WRITE_PARCEL_ERR;
446 }
447 return ERR_OK;
448 }
449
ProcAuthUser(MessageParcel & data,MessageParcel & reply)450 ErrCode DomainAccountStub::ProcAuthUser(MessageParcel &data, MessageParcel &reply)
451 {
452 int32_t userId = 0;
453 if (!data.ReadInt32(userId)) {
454 ACCOUNT_LOGE("fail to read userId");
455 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
456 }
457 std::vector<uint8_t> password;
458 if (!data.ReadUInt8Vector(&password)) {
459 ACCOUNT_LOGE("fail to read password");
460 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
461 }
462 auto callback = iface_cast<IDomainAccountCallback>(data.ReadRemoteObject());
463 ErrCode result = ERR_ACCOUNT_COMMON_INVALID_PARAMETER;
464 if (callback == nullptr) {
465 ACCOUNT_LOGE("callback is nullptr");
466 } else {
467 result = AuthUser(userId, password, callback);
468 }
469 (void)memset_s(password.data(), password.size(), 0, password.size());
470 if (!reply.WriteInt32(result)) {
471 ACCOUNT_LOGE("failed to write authUser result");
472 return IPC_STUB_WRITE_PARCEL_ERR;
473 }
474 return ERR_NONE;
475 }
476
ProcAuthWithPopup(MessageParcel & data,MessageParcel & reply)477 ErrCode DomainAccountStub::ProcAuthWithPopup(MessageParcel &data, MessageParcel &reply)
478 {
479 int32_t userId = 0;
480 if (!data.ReadInt32(userId)) {
481 ACCOUNT_LOGE("fail to read userId");
482 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
483 }
484 auto callback = iface_cast<IDomainAccountCallback>(data.ReadRemoteObject());
485 ErrCode result = ERR_ACCOUNT_COMMON_INVALID_PARAMETER;
486 if (callback == nullptr) {
487 ACCOUNT_LOGE("callback is nullptr");
488 } else {
489 result = AuthWithPopup(userId, callback);
490 }
491 if (!reply.WriteInt32(result)) {
492 ACCOUNT_LOGE("failed to write authUser result");
493 return IPC_STUB_WRITE_PARCEL_ERR;
494 }
495 return ERR_NONE;
496 }
497
ProcGetDomainAccessToken(MessageParcel & data,MessageParcel & reply)498 ErrCode DomainAccountStub::ProcGetDomainAccessToken(MessageParcel &data, MessageParcel &reply)
499 {
500 std::shared_ptr<DomainAccountInfo> info(data.ReadParcelable<DomainAccountInfo>());
501 if (info == nullptr) {
502 ACCOUNT_LOGE("failed to read domain account info");
503 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
504 }
505 std::shared_ptr<AAFwk::WantParams> parameters(data.ReadParcelable<AAFwk::WantParams>());
506 if (parameters == nullptr) {
507 ACCOUNT_LOGE("failed to read domain parameters");
508 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
509 }
510 auto callback = iface_cast<IDomainAccountCallback>(data.ReadRemoteObject());
511 if (callback == nullptr) {
512 ACCOUNT_LOGE("failed to read domain callback");
513 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
514 }
515 ErrCode result = GetAccessToken(*info, *parameters, callback);
516 if (!reply.WriteInt32(result)) {
517 ACCOUNT_LOGE("failed to write reply, result %{public}d.", result);
518 return IPC_STUB_WRITE_PARCEL_ERR;
519 }
520 return ERR_NONE;
521 }
522
ProcAddServerConfig(MessageParcel & data,MessageParcel & reply)523 ErrCode DomainAccountStub::ProcAddServerConfig(MessageParcel &data, MessageParcel &reply)
524 {
525 std::string parameters;
526 if (!data.ReadString(parameters)) {
527 ACCOUNT_LOGE("Failed to read domain server config.");
528 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
529 }
530 DomainServerConfig config;
531 ErrCode result = AddServerConfig(parameters, config);
532 if (!reply.WriteInt32(result)) {
533 ACCOUNT_LOGE("Failed to write reply, result=%{public}d.", result);
534 return IPC_STUB_WRITE_PARCEL_ERR;
535 }
536 if (result != ERR_OK) {
537 return result;
538 }
539 if (!reply.WriteParcelable(&config)) {
540 ACCOUNT_LOGE("Failed to write identifier.");
541 return IPC_STUB_WRITE_PARCEL_ERR;
542 }
543 return ERR_NONE;
544 }
545
ProcRemoveServerConfig(MessageParcel & data,MessageParcel & reply)546 ErrCode DomainAccountStub::ProcRemoveServerConfig(MessageParcel &data, MessageParcel &reply)
547 {
548 std::string configId;
549 if (!data.ReadString(configId)) {
550 ACCOUNT_LOGE("Fail to configId");
551 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
552 }
553 ErrCode result = RemoveServerConfig(configId);
554 if (!reply.WriteInt32(result)) {
555 ACCOUNT_LOGE("Failed to write reply, result=%{public}d.", result);
556 return IPC_STUB_WRITE_PARCEL_ERR;
557 }
558 return result;
559 }
560
ProcUpdateServerConfig(MessageParcel & data,MessageParcel & reply)561 ErrCode DomainAccountStub::ProcUpdateServerConfig(MessageParcel &data, MessageParcel &reply)
562 {
563 std::string configId;
564 if (!data.ReadString(configId)) {
565 ACCOUNT_LOGE("Fail to configId");
566 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
567 }
568 std::string parameters;
569 if (!data.ReadString(parameters)) {
570 ACCOUNT_LOGE("Failed to read domain server config.");
571 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
572 }
573 DomainServerConfig config;
574 ErrCode result = UpdateServerConfig(configId, parameters, config);
575 if (!reply.WriteInt32(result)) {
576 ACCOUNT_LOGE("Failed to write reply, result=%{public}d.", result);
577 return IPC_STUB_WRITE_PARCEL_ERR;
578 }
579 if (result != ERR_OK) {
580 return result;
581 }
582 if (!reply.WriteParcelable(&config)) {
583 ACCOUNT_LOGE("Failed to write identifier.");
584 return IPC_STUB_WRITE_PARCEL_ERR;
585 }
586 return result;
587 }
588
ProcGetServerConfig(MessageParcel & data,MessageParcel & reply)589 ErrCode DomainAccountStub::ProcGetServerConfig(MessageParcel &data, MessageParcel &reply)
590 {
591 std::string configId;
592 if (!data.ReadString(configId)) {
593 ACCOUNT_LOGE("Fail to configId");
594 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
595 }
596 DomainServerConfig config;
597 ErrCode result = GetServerConfig(configId, config);
598 if (!reply.WriteInt32(result)) {
599 ACCOUNT_LOGE("Failed to write reply, result=%{public}d.", result);
600 return IPC_STUB_WRITE_PARCEL_ERR;
601 }
602 if (result != ERR_OK) {
603 return result;
604 }
605 if (!reply.WriteParcelable(&config)) {
606 ACCOUNT_LOGE("Failed to write identifier.");
607 return IPC_STUB_WRITE_PARCEL_ERR;
608 }
609 return result;
610 }
611
ProcGetAllServerConfigs(MessageParcel & data,MessageParcel & reply)612 ErrCode DomainAccountStub::ProcGetAllServerConfigs(MessageParcel &data, MessageParcel &reply)
613 {
614 std::vector<DomainServerConfig> configs;
615 ErrCode result = GetAllServerConfigs(configs);
616 if (!reply.WriteInt32(result)) {
617 ACCOUNT_LOGE("Failed to write reply, result=%{public}d.", result);
618 return IPC_STUB_WRITE_PARCEL_ERR;
619 }
620 if (result != ERR_OK) {
621 return result;
622 }
623 if (!reply.WriteInt32(static_cast<uint32_t>(configs.size()))) {
624 ACCOUNT_LOGE("Failed to write config count.");
625 return IPC_STUB_WRITE_PARCEL_ERR;
626 }
627 for (const auto &config : configs) {
628 if (!reply.WriteParcelable(&config)) {
629 ACCOUNT_LOGE("Failed to write config.");
630 return IPC_STUB_WRITE_PARCEL_ERR;
631 }
632 }
633 return result;
634 }
635
ProcGetAccountServerConfig(MessageParcel & data,MessageParcel & reply)636 ErrCode DomainAccountStub::ProcGetAccountServerConfig(MessageParcel &data, MessageParcel &reply)
637 {
638 std::shared_ptr<DomainAccountInfo> info(data.ReadParcelable<DomainAccountInfo>());
639 if (info == nullptr) {
640 ACCOUNT_LOGE("Failed to read domain server config.");
641 return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR;
642 }
643 DomainServerConfig config;
644 ErrCode result = GetAccountServerConfig(*info, config);
645 if (!reply.WriteInt32(result)) {
646 ACCOUNT_LOGE("Failed to write reply, result=%{public}d.", result);
647 return IPC_STUB_WRITE_PARCEL_ERR;
648 }
649 if (result != ERR_OK) {
650 return result;
651 }
652 if (!reply.WriteParcelable(&config)) {
653 ACCOUNT_LOGE("Failed to write identifier.");
654 return IPC_STUB_WRITE_PARCEL_ERR;
655 }
656 return ERR_NONE;
657 }
658
659 static const std::map<DomainAccountInterfaceCode, std::vector<std::string>> permissionMap = {
660 {DomainAccountInterfaceCode::REGISTER_PLUGIN, {MANAGE_LOCAL_ACCOUNTS}},
661 {DomainAccountInterfaceCode::UNREGISTER_PLUGIN, {MANAGE_LOCAL_ACCOUNTS}},
662 {DomainAccountInterfaceCode::DOMAIN_SET_ACCOUNT_POLICY, {MANAGE_LOCAL_ACCOUNTS}},
663 {DomainAccountInterfaceCode::DOMAIN_GET_ACCOUNT_POLICY, {MANAGE_LOCAL_ACCOUNTS}},
664 {DomainAccountInterfaceCode::DOMAIN_HAS_DOMAIN_ACCOUNT, {MANAGE_LOCAL_ACCOUNTS}},
665 {DomainAccountInterfaceCode::DOMAIN_UPDATE_ACCOUNT_TOKEN, {MANAGE_LOCAL_ACCOUNTS}},
666 {DomainAccountInterfaceCode::DOMAIN_UPDATE_ACCOUNT_INFO, {MANAGE_LOCAL_ACCOUNTS, MANAGE_DOMAIN_ACCOUNTS}},
667 {DomainAccountInterfaceCode::DOMAIN_ACCOUNT_STATUS_ENQUIRY, {GET_LOCAL_ACCOUNTS}},
668 {DomainAccountInterfaceCode::DOMAIN_ACCOUNT_STATUS_LISTENER_REGISTER, {GET_LOCAL_ACCOUNTS}},
669 {DomainAccountInterfaceCode::DOMAIN_ACCOUNT_STATUS_LISTENER_UNREGISTER, {GET_LOCAL_ACCOUNTS}},
670 {DomainAccountInterfaceCode::DOMAIN_AUTH, {ACCESS_USER_AUTH_INTERNAL}},
671 {DomainAccountInterfaceCode::DOMAIN_AUTH_USER, {ACCESS_USER_AUTH_INTERNAL}},
672 {DomainAccountInterfaceCode::DOMAIN_GET_ACCOUNT_INFO, {GET_DOMAIN_ACCOUNTS}},
673 {DomainAccountInterfaceCode::DOMAIN_IS_AUTHENTICATION_EXPIRED,
674 {MANAGE_LOCAL_ACCOUNTS, INTERACT_ACROSS_LOCAL_ACCOUNTS}},
675 {DomainAccountInterfaceCode::ADD_SERVER_CONFIG,
676 {MANAGE_LOCAL_ACCOUNTS, MANAGE_DOMAIN_ACCOUNT_SERVER_CONFIGS}},
677 {DomainAccountInterfaceCode::REMOVE_SERVER_CONFIG,
678 {MANAGE_LOCAL_ACCOUNTS, MANAGE_DOMAIN_ACCOUNT_SERVER_CONFIGS}},
679 {DomainAccountInterfaceCode::GET_ACCOUNT_SERVER_CONFIG,
680 {MANAGE_LOCAL_ACCOUNTS, MANAGE_DOMAIN_ACCOUNT_SERVER_CONFIGS}},
681 {DomainAccountInterfaceCode::UPDATE_SERVER_CONFIG, {MANAGE_DOMAIN_ACCOUNT_SERVER_CONFIGS}},
682 {DomainAccountInterfaceCode::GET_SERVER_CONFIG, {MANAGE_DOMAIN_ACCOUNT_SERVER_CONFIGS}},
683 {DomainAccountInterfaceCode::GET_ALL_SERVER_CONFIGS, {MANAGE_DOMAIN_ACCOUNT_SERVER_CONFIGS}}
684 };
685
CheckPermission(DomainAccountInterfaceCode code,int32_t uid)686 ErrCode DomainAccountStub::CheckPermission(DomainAccountInterfaceCode code, int32_t uid)
687 {
688 if (NON_SYSTEM_API_SET.find(code) == NON_SYSTEM_API_SET.end()) {
689 ErrCode errCode = AccountPermissionManager::CheckSystemApp();
690 if (errCode != ERR_OK) {
691 ACCOUNT_LOGE("the caller is not system application, errCode = %{public}d.", errCode);
692 return errCode;
693 }
694 }
695 if (uid == 0) {
696 return ERR_OK;
697 }
698 const auto& it = permissionMap.find(code);
699 if (it == permissionMap.end()) {
700 ACCOUNT_LOGW("No specific permission defined for code %{public}d, returning OK", static_cast<int>(code));
701 return ERR_OK;
702 }
703 const auto& requiredPermissions = it->second;
704 if (requiredPermissions.empty()) {
705 return ERR_OK;
706 }
707 bool hasAnyPermission = std::any_of(requiredPermissions.begin(), requiredPermissions.end(),
708 [](const std::string& permission) {
709 return AccountPermissionManager::VerifyPermission(permission) == ERR_OK;
710 });
711 if (!hasAnyPermission) {
712 return ERR_ACCOUNT_COMMON_PERMISSION_DENIED;
713 }
714 return ERR_OK;
715 }
716 } // namespace AccountSA
717 } // namespace OHOS
718