/*
- * Copyright (C) 2015, 2016 "IoT.bzh"
+ * Copyright (C) 2015-2020 "IoT.bzh"
* Author "Fulup Ar Foll"
+ * Author José Bollo <jose.bollo@iot.bzh>
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
#include <assert.h>
#include <stdlib.h>
+#include <stdint.h>
+#include <errno.h>
-#include "session.h"
+#include "afb-session.h"
#include "afb-context.h"
+#include "afb-token.h"
+#include "afb-cred.h"
+#include "afb-perm.h"
+#include "afb-permission-text.h"
+#include "verbose.h"
-static void init_context(struct afb_context *context, struct AFB_clientCtx *session, const char *token)
+static void init_context(struct afb_context *context, struct afb_session *session, struct afb_token *token, struct afb_cred *cred)
{
assert(session != NULL);
/* reset the context for the session */
context->session = session;
context->flags = 0;
- context->api_index = -1;
- context->loa_in = ctxClientGetLOA(session) & 7;
+ context->super = NULL;
+ context->api_key = NULL;
+ context->token = afb_token_addref(token);
+ context->credentials = afb_cred_addref(cred);
+}
- /* check the token */
- if (token != NULL) {
- if (ctxTokenCheck(session, token))
- context->validated = 1;
- else
- context->invalidated = 1;
- }
+void afb_context_subinit(struct afb_context *context, struct afb_context *super)
+{
+ context->session = afb_session_addref(super->session);
+ context->flags = 0;
+ context->super = super;
+ context->api_key = NULL;
+ context->token = afb_token_addref(super->token);
+ context->credentials = afb_cred_addref(super->credentials);
}
-void afb_context_init(struct afb_context *context, struct AFB_clientCtx *session, const char *token)
+void afb_context_init(struct afb_context *context, struct afb_session *session, struct afb_token *token, struct afb_cred *cred)
{
- init_context(context, ctxClientAddRef(session), token);
+ init_context(context, afb_session_addref(session), token, cred);
}
-int afb_context_connect(struct afb_context *context, const char *uuid, const char *token)
+int afb_context_connect(struct afb_context *context, const char *uuid, struct afb_token *token, struct afb_cred *cred)
{
int created;
- struct AFB_clientCtx *session;
+ struct afb_session *session;
- session = ctxClientGetSession (uuid, &created);
+ session = afb_session_get (uuid, AFB_SESSION_TIMEOUT_DEFAULT, &created);
if (session == NULL)
return -1;
- init_context(context, session, token);
+ init_context(context, session, token, cred);
if (created) {
context->created = 1;
- context->refreshing = 1;
}
return 0;
}
+int afb_context_connect_validated(struct afb_context *context, const char *uuid, struct afb_token *token, struct afb_cred *cred)
+{
+ int rc = afb_context_connect(context, uuid, token, cred);
+ if (!rc)
+ context->validated = 1;
+ return rc;
+}
+
+void afb_context_init_validated(struct afb_context *context, struct afb_session *session, struct afb_token *token, struct afb_cred *cred)
+{
+ afb_context_init(context, session, token, cred);
+ context->validated = 1;
+}
+
void afb_context_disconnect(struct afb_context *context)
{
- if (context->session != NULL) {
- if (context->refreshing && !context->refreshed) {
- ctxTokenNew (context->session);
- context->refreshed = 1;
- }
- if (context->loa_changing && !context->loa_changed) {
- ctxClientSetLOA (context->session, context->loa_out);
- context->loa_changed = 1;
- }
- if (context->closing && !context->closed) {
- ctxClientClose(context->session);
- context->closed = 1;
- }
- ctxClientUnref(context->session);
- context->session = NULL;
+ if (context->session && !context->super && context->closing && !context->closed) {
+ afb_context_change_loa(context, 0);
+ afb_context_set(context, NULL, NULL);
+ context->closed = 1;
}
+ afb_session_unref(context->session);
+ context->session = NULL;
+ afb_cred_unref(context->credentials);
+ context->credentials = NULL;
+ afb_token_unref(context->token);
+ context->token = NULL;
}
-const char *afb_context_sent_token(struct afb_context *context)
+void afb_context_change_cred(struct afb_context *context, struct afb_cred *cred)
{
- if (context->session == NULL || context->closing)
- return NULL;
- if (!context->refreshing)
- return NULL;
- if (!context->refreshed) {
- ctxTokenNew (context->session);
- context->refreshed = 1;
+ struct afb_cred *ocred = context->credentials;
+ if (ocred != cred) {
+ context->credentials = afb_cred_addref(cred);
+ afb_cred_unref(ocred);
}
- return ctxClientGetToken(context->session);
}
-const char *afb_context_sent_uuid(struct afb_context *context)
+void afb_context_change_token(struct afb_context *context, struct afb_token *token)
{
- if (context->session == NULL || context->closing)
- return NULL;
- if (!context->created)
- return NULL;
- return ctxClientGetUuid(context->session);
+ struct afb_token *otoken = context->token;
+ if (otoken != token) {
+ context->token = afb_token_addref(token);
+ afb_token_unref(otoken);
+ }
+}
+
+const char *afb_context_on_behalf_export(struct afb_context *context)
+{
+ return context->credentials ? afb_cred_export(context->credentials) : NULL;
+}
+
+int afb_context_on_behalf_import(struct afb_context *context, const char *exported)
+{
+ int rc;
+ struct afb_cred *imported, *ocred;
+
+ if (!exported || !*exported)
+ rc = 0;
+ else {
+ if (afb_context_has_permission(context, afb_permission_on_behalf_credential)) {
+ imported = afb_cred_import(exported);
+ if (!imported) {
+ ERROR("Can't import on behalf credentials: %m");
+ rc = -1;
+ } else {
+ ocred = context->credentials;
+ context->credentials = imported;
+ afb_cred_unref(ocred);
+ rc = 0;
+ }
+ } else {
+ ERROR("On behalf credentials refused");
+ rc = -1;
+ }
+ }
+ return rc;
+}
+
+void afb_context_on_behalf_other_context(struct afb_context *context, struct afb_context *other)
+{
+ afb_context_change_cred(context, other->credentials);
+ afb_context_change_token(context, other->token);
+}
+
+int afb_context_has_permission(struct afb_context *context, const char *permission)
+{
+ return afb_perm_check(context, permission);
+}
+
+void afb_context_has_permission_async(
+ struct afb_context *context,
+ const char *permission,
+ void (*callback)(void *_closure, int _status),
+ void *closure
+)
+{
+ return afb_perm_check_async(context, permission, callback, closure);
+}
+
+const char *afb_context_uuid(struct afb_context *context)
+{
+ return context->session ? afb_session_uuid(context->session) : NULL;
+}
+
+void *afb_context_make(struct afb_context *context, int replace, void *(*make_value)(void *closure), void (*free_value)(void *item), void *closure)
+{
+ assert(context->session != NULL);
+ return afb_session_cookie(context->session, context->api_key, make_value, free_value, closure, replace);
}
void *afb_context_get(struct afb_context *context)
{
assert(context->session != NULL);
- return ctxClientValueGet(context->session, context->api_index);
+ return afb_session_get_cookie(context->session, context->api_key);
}
-void afb_context_set(struct afb_context *context, void *value, void (*free_value)(void*))
+int afb_context_set(struct afb_context *context, void *value, void (*free_value)(void*))
{
assert(context->session != NULL);
- return ctxClientValueSet(context->session, context->api_index, value, free_value);
+ return afb_session_set_cookie(context->session, context->api_key, value, free_value);
}
void afb_context_close(struct afb_context *context)
context->closing = 1;
}
-void afb_context_refresh(struct afb_context *context)
+struct chkctx {
+ struct afb_context *context;
+ void (*callback)(void *_closure, int _status);
+ void *closure;
+};
+
+static void check_context_cb(void *closure_chkctx, int status)
{
- assert(context->validated);
- context->refreshing = 1;
+ struct chkctx *cc = closure_chkctx;
+ struct afb_context *context = cc->context;
+ void (*callback)(void*,int) = cc->callback;
+ void *closure = cc->closure;
+
+ free(cc);
+ if (status)
+ context->validated = 1;
+ else
+ context->invalidated = 1;
+ callback(closure, status);
+}
+
+static int check_context(
+ struct afb_context *context,
+ void (*callback)(void *_closure, int _status),
+ void *closure
+) {
+ int r;
+ struct chkctx *cc;
+
+ if (context->validated)
+ r = 1;
+ else if (context->invalidated)
+ r = 0;
+ else {
+ if (context->super)
+ r = check_context(context->super, callback, closure);
+ else if (!callback)
+ r = afb_context_has_permission(context, afb_permission_token_valid);
+ else {
+ cc = malloc(sizeof *cc);
+ if (cc) {
+ cc->context = context;
+ cc->callback = callback;
+ cc->closure = closure;
+ afb_context_has_permission_async(context, afb_permission_token_valid, check_context_cb, cc);
+ return -1;
+ }
+ ERROR("out-of-memory");
+ r = 0;
+ }
+ if (r)
+ context->validated = 1;
+ else
+ context->invalidated = 1;
+ }
+ return r;
}
int afb_context_check(struct afb_context *context)
{
- return context->validated;
+ return check_context(context, 0, 0);
}
-int afb_context_check_loa(struct afb_context *context, unsigned loa)
+void afb_context_check_async(
+ struct afb_context *context,
+ void (*callback)(void *_closure, int _status),
+ void *closure
+) {
+ int r = check_context(context, callback, closure);
+ if (r >= 0)
+ callback(closure, r);
+}
+
+static inline const void *loa_key(struct afb_context *context)
{
- return context->loa_in >= loa;
+ return (const void*)(1+(intptr_t)(context->api_key));
}
-void afb_context_change_loa(struct afb_context *context, unsigned loa)
+static inline void *loa2ptr(unsigned loa)
{
- assert(context->validated);
+ return (void*)(intptr_t)loa;
+}
- if (loa == context->loa_in)
- context->loa_changing = 0;
- else {
- context->loa_changing = 1;
- context->loa_out = loa & 7;
+static inline unsigned ptr2loa(void *ptr)
+{
+ return (unsigned)(intptr_t)ptr;
+}
+
+int afb_context_change_loa(struct afb_context *context, unsigned loa)
+{
+ if (loa > 7) {
+ errno = EINVAL;
+ return -1;
}
+ if (!afb_context_check(context)) {
+ errno = EPERM;
+ return -1;
+ }
+
+ return afb_session_set_cookie(context->session, loa_key(context), loa2ptr(loa), NULL);
}
+unsigned afb_context_get_loa(struct afb_context *context)
+{
+ assert(context->session != NULL);
+ return ptr2loa(afb_session_get_cookie(context->session, loa_key(context)));
+}
+int afb_context_check_loa(struct afb_context *context, unsigned loa)
+{
+ return afb_context_get_loa(context) >= loa;
+}