/*
- * Copyright (C) 2016, 2017 "IoT.bzh"
+ * Copyright (C) 2016, 2017, 2018 "IoT.bzh"
* Author "Fulup Ar Foll"
* Author José Bollo <jose.bollo@iot.bzh>
*
*/
#define _GNU_SOURCE
-#define AFB_BINDING_PRAGMA_NO_VERBOSE_MACRO
#include <stdlib.h>
+#include <json-c/json.h>
#include <afb/afb-auth.h>
+#include <afb/afb-session-x2.h>
#include "afb-auth.h"
#include "afb-context.h"
}
}
+int afb_auth_has_permission(struct afb_xreq *xreq, const char *permission)
+{
+ return afb_cred_has_permission(xreq->cred, permission, afb_context_uuid(&xreq->context));
+}
+
/*********************************************************************************/
-#ifdef BACKEND_PERMISSION_IS_CYNARA
-#include <pthread.h>
-#include <cynara-client.h>
+static struct json_object *addperm(struct json_object *o, struct json_object *x)
+{
+ struct json_object *a;
-static cynara *handle;
-static pthread_mutex_t mutex = PTHREAD_MUTEX_INITIALIZER;
+ if (!o)
+ return x;
-int afb_auth_has_permission(struct afb_xreq *xreq, const char *permission)
+ if (!json_object_object_get_ex(o, "allOf", &a)) {
+ a = json_object_new_array();
+ json_object_array_add(a, o);
+ o = json_object_new_object();
+ json_object_object_add(o, "allOf", a);
+ }
+ json_object_array_add(a, x);
+ return o;
+}
+
+static struct json_object *addperm_key_val(struct json_object *o, const char *key, struct json_object *val)
{
- int rc;
+ struct json_object *x = json_object_new_object();
+ json_object_object_add(x, key, val);
+ return addperm(o, x);
+}
- if (!xreq->cred) {
- /* case of permission for self */
- return 1;
- }
- if (!permission) {
- ERROR("Got a null permission!");
- return 0;
- }
+static struct json_object *addperm_key_valstr(struct json_object *o, const char *key, const char *val)
+{
+ return addperm_key_val(o, key, json_object_new_string(val));
+}
- /* cynara isn't reentrant */
- pthread_mutex_lock(&mutex);
-
- /* lazy initialisation */
- if (!handle) {
- rc = cynara_initialize(&handle, NULL);
- if (rc != CYNARA_API_SUCCESS) {
- handle = NULL;
- ERROR("cynara initialisation failed with code %d", rc);
- return 0;
- }
+static struct json_object *addperm_key_valint(struct json_object *o, const char *key, int val)
+{
+ return addperm_key_val(o, key, json_object_new_int(val));
+}
+
+static struct json_object *addauth_or_array(struct json_object *o, const struct afb_auth *auth);
+
+static struct json_object *addauth(struct json_object *o, const struct afb_auth *auth)
+{
+ switch(auth->type) {
+ case afb_auth_No: return addperm(o, json_object_new_boolean(0));
+ case afb_auth_Token: return addperm_key_valstr(o, "session", "check");
+ case afb_auth_LOA: return addperm_key_valint(o, "LOA", auth->loa);
+ case afb_auth_Permission: return addperm_key_valstr(o, "permission", auth->text);
+ case afb_auth_Or: return addperm_key_val(o, "anyOf", addauth_or_array(json_object_new_array(), auth));
+ case afb_auth_And: return addauth(addauth(o, auth->first), auth->next);
+ case afb_auth_Not: return addperm_key_val(o, "not", addauth(NULL, auth->first));
+ case afb_auth_Yes: return addperm(o, json_object_new_boolean(1));
}
+ return o;
+}
- /* query cynara permission */
- rc = cynara_check(handle, xreq->cred->label, afb_context_uuid(&xreq->context), xreq->cred->user, permission);
+static struct json_object *addauth_or_array(struct json_object *o, const struct afb_auth *auth)
+{
+ if (auth->type != afb_auth_Or)
+ json_object_array_add(o, addauth(NULL, auth));
+ else {
+ addauth_or_array(o, auth->first);
+ addauth_or_array(o, auth->next);
+ }
- pthread_mutex_unlock(&mutex);
- return rc == CYNARA_API_ACCESS_ALLOWED;
+ return o;
}
-/*********************************************************************************/
-#else
-int afb_auth_has_permission(struct afb_xreq *xreq, const char *permission)
+struct json_object *afb_auth_json_v2(const struct afb_auth *auth, int session)
{
- WARNING("Granting permission %s by default of backend", permission ?: "(null)");
- return !!permission;
+ struct json_object *result = NULL;
+
+ if (session & AFB_SESSION_CLOSE_X2)
+ result = addperm_key_valstr(result, "session", "close");
+
+ if (session & AFB_SESSION_CHECK_X2)
+ result = addperm_key_valstr(result, "session", "check");
+
+ if (session & AFB_SESSION_REFRESH_X2)
+ result = addperm_key_valstr(result, "token", "refresh");
+
+ if (session & AFB_SESSION_LOA_MASK_X2)
+ result = addperm_key_valint(result, "LOA", session & AFB_SESSION_LOA_MASK_X2);
+
+ if (auth)
+ result = addauth(result, auth);
+
+ return result;
}
-#endif