afb-session: remove initial token

[src/app-framework-binder.git] / src / afb-cred.c

diff --git a/src/afb-cred.c b/src/afb-cred.c
index b7b3175..b6d698e 100644 (file)
--- a/src/afb-cred.c
+++ b/src/afb-cred.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2017, 2018 "IoT.bzh"
+ * Copyright (C) 2017-2019 "IoT.bzh"
  * Author: José Bollo <jose.bollo@iot.bzh>
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
@@ -19,6 +19,7 @@
 
 #include <stdlib.h>
 #include <stdio.h>
+#include <stdint.h>
 #include <unistd.h>
 #include <string.h>
 #include <errno.h>
@@ -27,6 +28,8 @@
 #include <sys/socket.h>
 
 #include "afb-cred.h"
+#include "afb-context.h"
+#include "afb-token.h"
 #include "verbose.h"
 
 
@@ -169,10 +172,12 @@ struct afb_cred *afb_cred_addref(struct afb_cred *cred)
 void afb_cred_unref(struct afb_cred *cred)
 {
        if (cred && !__atomic_sub_fetch(&cred->refcount, 1, __ATOMIC_RELAXED)) {
-               if (cred != current)
-                       free(cred);
-               else
+               if (cred == current)
                        cred->refcount = 1;
+               else {
+                       free((void*)cred->exported);
+                       free(cred);
+               }
        }
 }
 
@@ -217,7 +222,7 @@ struct afb_cred *afb_cred_import(const char *string)
        return cred;
 }
 
-struct afb_cred *afb_cred_mixed_on_behalf_import(struct afb_cred *cred, const char *context, const char *exported)
+struct afb_cred *afb_cred_mixed_on_behalf_import(struct afb_cred *cred, struct afb_context *context, const char *exported)
 
 {
        struct afb_cred *imported;
@@ -234,6 +239,12 @@ struct afb_cred *afb_cred_mixed_on_behalf_import(struct afb_cred *cred, const ch
        return afb_cred_addref(cred);
 }
 
+/*********************************************************************************/
+static const char *token_of_context(struct afb_context *context)
+{
+       return context && context->token ? afb_token_string(context->token) : "X";
+}
+
 /*********************************************************************************/
 #ifdef BACKEND_PERMISSION_IS_CYNARA
 
@@ -243,7 +254,7 @@ struct afb_cred *afb_cred_mixed_on_behalf_import(struct afb_cred *cred, const ch
 static cynara *handle;
 static pthread_mutex_t mutex = PTHREAD_MUTEX_INITIALIZER;
 
-int afb_cred_has_permission(struct afb_cred *cred, const char *permission, const char *context)
+int afb_cred_has_permission(struct afb_cred *cred, const char *permission, struct afb_context *context)
 {
        int rc;
 
@@ -270,7 +281,7 @@ int afb_cred_has_permission(struct afb_cred *cred, const char *permission, const
        }
 
        /* query cynara permission */
-       rc = cynara_check(handle, cred->label, context ?: "", cred->user, permission);
+       rc = cynara_check(handle, cred->label, token_of_context(context), cred->user, permission);
 
        pthread_mutex_unlock(&mutex);
        return rc == CYNARA_API_ACCESS_ALLOWED;
@@ -278,7 +289,7 @@ int afb_cred_has_permission(struct afb_cred *cred, const char *permission, const
 
 /*********************************************************************************/
 #else
-int afb_cred_has_permission(struct afb_cred *cred, const char *permission, const char *context)
+int afb_cred_has_permission(struct afb_cred *cred, const char *permission, struct afb_context *context)
 {
        WARNING("Granting permission %s by default of backend", permission ?: "(null)");
        return !!permission;