#include "afb-session.h"
#include "afb-context.h"
#include "afb-token.h"
+#include "afb-cred.h"
+#include "afb-perm.h"
+#include "afb-permission-text.h"
+#include "verbose.h"
-static void init_context(struct afb_context *context, struct afb_session *session, struct afb_token *token)
+static void init_context(struct afb_context *context, struct afb_session *session, struct afb_token *token, struct afb_cred *cred)
{
assert(session != NULL);
context->super = NULL;
context->api_key = NULL;
context->token = afb_token_addref(token);
-
- /* check the token */
- if (token != NULL) {
- if (afb_token_check(token))
- context->validated = 1;
- else
- context->invalidated = 1;
- }
-}
-
-void afb_context_init(struct afb_context *context, struct afb_session *session, struct afb_token *token)
-{
- init_context(context, afb_session_addref(session), token);
-}
-
-void afb_context_init_validated(struct afb_context *context, struct afb_session *session)
-{
- afb_context_init(context, session, NULL);
- context->validated = 1;
+ context->credentials = afb_cred_addref(cred);
}
void afb_context_subinit(struct afb_context *context, struct afb_context *super)
{
- context->session = super->session;
+ context->session = afb_session_addref(super->session);
context->flags = 0;
context->super = super;
context->api_key = NULL;
- context->token = super->token;
- context->validated = super->validated;
+ context->token = afb_token_addref(super->token);
+ context->credentials = afb_cred_addref(super->credentials);
}
-int afb_context_connect(struct afb_context *context, const char *uuid, struct afb_token *token)
+void afb_context_init(struct afb_context *context, struct afb_session *session, struct afb_token *token, struct afb_cred *cred)
+{
+ init_context(context, afb_session_addref(session), token, cred);
+}
+
+int afb_context_connect(struct afb_context *context, const char *uuid, struct afb_token *token, struct afb_cred *cred)
{
int created;
struct afb_session *session;
session = afb_session_get (uuid, AFB_SESSION_TIMEOUT_DEFAULT, &created);
if (session == NULL)
return -1;
- init_context(context, session, token);
+ init_context(context, session, token, cred);
if (created) {
context->created = 1;
}
return 0;
}
-int afb_context_connect_validated(struct afb_context *context, const char *uuid)
+int afb_context_connect_validated(struct afb_context *context, const char *uuid, struct afb_token *token, struct afb_cred *cred)
{
- int rc = afb_context_connect(context, uuid, NULL);
+ int rc = afb_context_connect(context, uuid, token, cred);
if (!rc)
context->validated = 1;
return rc;
}
+void afb_context_init_validated(struct afb_context *context, struct afb_session *session, struct afb_token *token, struct afb_cred *cred)
+{
+ afb_context_init(context, session, token, cred);
+ context->validated = 1;
+}
+
void afb_context_disconnect(struct afb_context *context)
{
- if (context->session && !context->super) {
- if (context->closing && !context->closed) {
- afb_context_change_loa(context, 0);
- afb_context_set(context, NULL, NULL);
- context->closed = 1;
+ if (context->session && !context->super && context->closing && !context->closed) {
+ afb_context_change_loa(context, 0);
+ afb_context_set(context, NULL, NULL);
+ context->closed = 1;
+ }
+ afb_session_unref(context->session);
+ context->session = NULL;
+ afb_cred_unref(context->credentials);
+ context->credentials = NULL;
+ afb_token_unref(context->token);
+ context->token = NULL;
+}
+
+void afb_context_change_cred(struct afb_context *context, struct afb_cred *cred)
+{
+ struct afb_cred *ocred = context->credentials;
+ if (ocred != cred) {
+ context->credentials = afb_cred_addref(cred);
+ afb_cred_unref(ocred);
+ }
+}
+
+void afb_context_change_token(struct afb_context *context, struct afb_token *token)
+{
+ struct afb_token *otoken = context->token;
+ if (otoken != token) {
+ context->token = afb_token_addref(token);
+ afb_token_unref(otoken);
+ }
+}
+
+const char *afb_context_on_behalf_export(struct afb_context *context)
+{
+ return context->credentials ? afb_cred_export(context->credentials) : NULL;
+}
+
+int afb_context_on_behalf_import(struct afb_context *context, const char *exported)
+{
+ int rc;
+ struct afb_cred *imported, *ocred;
+
+ if (!exported || !*exported)
+ rc = 0;
+ else {
+ if (afb_context_has_permission(context, afb_permission_on_behalf_credential)) {
+ imported = afb_cred_import(exported);
+ if (!imported) {
+ ERROR("Can't import on behalf credentials: %m");
+ rc = -1;
+ } else {
+ ocred = context->credentials;
+ context->credentials = imported;
+ afb_cred_unref(ocred);
+ rc = 0;
+ }
+ } else {
+ ERROR("On behalf credentials refused");
+ rc = -1;
}
- afb_token_unref(context->token);
- afb_session_unref(context->session);
- context->session = NULL;
}
+ return rc;
+}
+
+void afb_context_on_behalf_other_context(struct afb_context *context, struct afb_context *other)
+{
+ afb_context_change_cred(context, other->credentials);
+ afb_context_change_token(context, other->token);
+}
+
+int afb_context_has_permission(struct afb_context *context, const char *permission)
+{
+ return afb_perm_check(context, permission);
+}
+
+void afb_context_has_permission_async(
+ struct afb_context *context,
+ const char *permission,
+ void (*callback)(void *_closure, int _status),
+ void *closure
+)
+{
+ return afb_perm_check_async(context, permission, callback, closure);
}
const char *afb_context_uuid(struct afb_context *context)
{
- return context->session ? afb_session_uuid(context->session) : "";
+ return context->session ? afb_session_uuid(context->session) : NULL;
}
void *afb_context_make(struct afb_context *context, int replace, void *(*make_value)(void *closure), void (*free_value)(void *item), void *closure)
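Review bot: `afb_context_change_cred`, `afb_context_change_token` and the success branch of `afb_context_on_behalf_import` replace the identity a context is checked against but leave `context->validated` and `context->invalidated` untouched, so a verdict cached for the previous token or credentials keeps applying to the new ones. Unless every caller is guaranteed to run these before the first check (not visible in this hunk), clear both flags whenever the pointer actually changes, e.g. `context->validated = 0; context->invalidated = 0;` next to the assignment. `afb_context_on_behalf_other_context` inherits the same behaviour through the two setters. Separately, `afb_context_has_permission_async` is declared `void` yet uses `return afb_perm_check_async(...)`, so the `return` keyword should be dropped.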
context->closing = 1;
}
-int afb_context_check(struct afb_context *context)
+struct chkctx {
+ struct afb_context *context;
+ void (*callback)(void *_closure, int _status);
+ void *closure;
+};
+
+static void check_context_cb(void *closure_chkctx, int status)
{
- if (context->super)
- return afb_context_check(context);
- return context->validated;
+ struct chkctx *cc = closure_chkctx;
+ struct afb_context *context = cc->context;
+ void (*callback)(void*,int) = cc->callback;
+ void *closure = cc->closure;
+
+ free(cc);
+ if (status)
+ context->validated = 1;
+ else
+ context->invalidated = 1;
+ callback(closure, status);
}
-int afb_context_check_loa(struct afb_context *context, unsigned loa)
+static int check_context(
+ struct afb_context *context,
+ void (*callback)(void *_closure, int _status),
+ void *closure
+) {
+ int r;
+ struct chkctx *cc;
+
+ if (context->validated)
+ r = 1;
+ else if (context->invalidated)
+ r = 0;
+ else {
+ if (context->super)
+ r = check_context(context->super, callback, closure);
+ else if (!callback)
+ r = afb_context_has_permission(context, afb_permission_token_valid);
+ else {
+ cc = malloc(sizeof *cc);
+ if (cc) {
+ cc->context = context;
+ cc->callback = callback;
+ cc->closure = closure;
+ afb_context_has_permission_async(context, afb_permission_token_valid, check_context_cb, cc);
+ return -1;
+ }
+ ERROR("out-of-memory");
+ r = 0;
+ }
+ if (r)
+ context->validated = 1;
+ else
+ context->invalidated = 1;
+ }
+ return r;
+}
+
+int afb_context_check(struct afb_context *context)
{
- return afb_context_get_loa(context) >= loa;
+ return check_context(context, 0, 0);
+}
+
+void afb_context_check_async(
+ struct afb_context *context,
+ void (*callback)(void *_closure, int _status),
+ void *closure
+) {
+ int r = check_context(context, callback, closure);
+ if (r >= 0)
+ callback(closure, r);
}
static inline const void *loa_key(struct afb_context *context)
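Review bot: In `check_context`, the `context->super` branch stores the recursive result in `r` and then falls through to `if (r) context->validated = 1;`, so when the parent check goes asynchronous and returns -1 the sub-context is marked validated before any verdict exists, and it stays validated even if the callback later reports the token as invalid. Return early on a pending result with `if (r < 0) return r;` right after the recursive call, or test `r > 0` and `r == 0` explicitly. The same truthiness test in `check_context_cb` (`if (status)`) and on the synchronous `afb_context_has_permission` result would also accept a negative error status as valid; whether `afb_perm_check` or `afb_perm_check_async` can report one is not visible here, so `status > 0` is the safer test. `cc` also keeps a bare `context` pointer until the callback runs, so the context has to outlive the pending check.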
int afb_context_change_loa(struct afb_context *context, unsigned loa)
{
- if (!context->validated || loa > 7) {
+ if (loa > 7) {
errno = EINVAL;
return -1;
}
+ if (!afb_context_check(context)) {
+ errno = EPERM;
+ return -1;
+ }
return afb_session_set_cookie(context->session, loa_key(context), loa2ptr(loa), NULL);
}
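Review bot: `afb_context_change_loa` carries no comment in this hunk saying that it now validates the context itself, which changes its contract in two ways. On a context that has not been checked yet, `afb_context_check` runs the synchronous path through `afb_context_has_permission` (whatever `afb_perm_check` consults), and the failure code for an unvalidated context moves from `EINVAL` to `EPERM`. A header comment such as `/* validates the context first (may run a synchronous permission check); returns -1 with errno EPERM when the token is not valid, EINVAL when loa > 7 */` would make that visible to callers. The call in `afb_context_disconnect` ignores the return value, so when the check fails the stored LOA is not reset on close; logging that case there would help when auditing session teardown.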
assert(context->session != NULL);
return ptr2loa(afb_session_get_cookie(context->session, loa_key(context)));
}
+
+int afb_context_check_loa(struct afb_context *context, unsigned loa)
+{
+ return afb_context_get_loa(context) >= loa;
+}