2 * Copyright (C) 2015-2020 "IoT.bzh"
3 * Author: José Bollo <jose.bollo@iot.bzh>
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at
9 * http://www.apache.org/licenses/LICENSE-2.0
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
20 #include "afb-context.h"
22 #include "afb-token.h"
23 #include "afb-session.h"
26 /*********************************************************************************/
/*
 * Picks the string that identifies the "session" of CONTEXT for the
 * permission backend: the token string when the context carries a token,
 * otherwise the session UUID when it carries a session. The final fallback
 * (neither token nor session) is not visible in this listing.
 *
 * NOTE(review): with the Cynara backend this value is passed as the third
 * argument of cynara_check(), i.e. the client session. If the token string
 * is a bearer secret, confirm the policy backend neither logs nor persists it.
 */
28 static inline const char *session_of_context(struct afb_context *context)
/* the token, when present, takes precedence over the session */
30 return context->token ? afb_token_string(context->token)
31 : context->session ? afb_session_uuid(context->session)
35 /*********************************************************************************/
36 #ifdef BACKEND_PERMISSION_IS_CYNARA
39 #include <cynara-client.h>
/*
 * Process-wide Cynara client handle. It has static storage, so it starts out
 * NULL; afb_perm_check() fills it in with cynara_initialize() ("lazy
 * initialisation").
 */
41 static cynara *handle;
/*
 * Taken by afb_perm_check() around the initialisation and the query, because
 * "cynara isn't reentrant".
 */
42 static pthread_mutex_t mutex = PTHREAD_MUTEX_INITIALIZER;
/*
 * Cynara-backed permission check.
 *
 * Asks Cynara whether the client described by context->credentials (label and
 * user) and by session_of_context(context) holds PERMISSION.
 *
 * @param context     request context; its credentials, token and session are read
 * @param permission  name of the permission to check
 * @return non-zero only when cynara_check() answers CYNARA_API_ACCESS_ALLOWED;
 *         any other answer from Cynara (denial or error code) yields 0, so the
 *         query itself fails closed.
 *
 * NOTE(review): several lines of this function (braces, the early returns and
 * the guard around the lazy initialisation) are missing from this listing; the
 * notes below are hedged where they depend on them.
 */
44 int afb_perm_check(struct afb_context *context, const char *permission)
/*
 * A context without credentials never reaches the Cynara query. The value
 * returned on this branch is not visible here (presumably "granted", going by
 * the comment below). Callers must make sure credentials are always attached
 * to requests that come from another client, otherwise this branch acts as a
 * bypass of the policy.
 */
48 if (!context->credentials) {
49 /* case of permission for self */
/* A NULL permission name is logged as an error; the value returned is not visible here (presumably a denial). */
53 ERROR("Got a null permission!");
/* The lock is held across initialisation and the query, so checks are serialised process-wide. */
57 /* cynara isn't reentrant */
58 pthread_mutex_lock(&mutex);
60 /* lazy initialisation */
62 rc = cynara_initialize(&handle, NULL);
63 if (rc != CYNARA_API_SUCCESS) {
65 ERROR("cynara initialisation failed with code %d", rc);
/*
 * NOTE(review): the rest of this failure branch is not visible. If it returns
 * from here it must call pthread_mutex_unlock(&mutex) first; otherwise the
 * first initialisation failure leaves the mutex locked and every later
 * permission check blocks.
 */
70 /* query cynara permission */
71 rc = cynara_check(handle, context->credentials->label, session_of_context(context), context->credentials->user, permission);
73 pthread_mutex_unlock(&mutex);
/* Only an explicit ALLOWED answer counts as success. */
74 return rc == CYNARA_API_ACCESS_ALLOWED;
76 /*********************************************************************************/
/*
 * Fallback definition of afb_perm_check(), presumably compiled when
 * BACKEND_PERMISSION_IS_CYNARA is not defined (the preprocessor line that
 * separates it from the Cynara version is not visible in this listing).
 *
 * Performs no policy lookup: it only logs, at NOTICE level, that PERMISSION is
 * granted by default. The return statement is not visible here; going by the
 * log message it presumably reports success for every request.
 *
 * NOTE(review): a build without the Cynara backend therefore enforces nothing.
 * Check that production builds define BACKEND_PERMISSION_IS_CYNARA; the NOTICE
 * line below is a usable log indicator that enforcement is off.
 */
78 int afb_perm_check(struct afb_context *context, const char *permission)
/* `?:` with an omitted middle operand is a GNU C extension; it prints "(null)" for a NULL permission. */
80 NOTICE("Granting permission %s by default of backend", permission ?: "(null)");
/*
 * Callback-style wrapper around afb_perm_check().
 *
 * Despite the name, nothing is deferred: the check runs synchronously and
 * CALLBACK is invoked once, in the calling thread and before this function
 * returns, with the status returned by afb_perm_check(context, permission).
 * Callers must therefore tolerate the callback running re-entrantly, and the
 * call takes as long as the underlying check does.
 *
 * @param context     request context handed to afb_perm_check()
 * @param permission  permission name handed to afb_perm_check()
 * @param callback    invoked as callback(closure, status)
 *
 * The declaration of `closure`, which is passed through to the callback, is
 * not visible in this listing.
 */
85 void afb_perm_check_async(
86 struct afb_context *context,
87 const char *permission,
88 void (*callback)(void *closure, int status),
/* status is whatever afb_perm_check() returned for this context and permission */
92 callback(closure, afb_perm_check(context, permission));