/*
- * Copyright (C) 2017, 2018 "IoT.bzh"
+ * Copyright (C) 2017-2019 "IoT.bzh"
* Author: José Bollo <jose.bollo@iot.bzh>
*
* Licensed under the Apache License, Version 2.0 (the "License");
#include <stdlib.h>
#include <stdio.h>
+#include <stdint.h>
#include <unistd.h>
#include <string.h>
#include <errno.h>
#include <sys/socket.h>
#include "afb-cred.h"
+#include "afb-context.h"
+#include "afb-token.h"
#include "verbose.h"
void afb_cred_unref(struct afb_cred *cred)
{
if (cred && !__atomic_sub_fetch(&cred->refcount, 1, __ATOMIC_RELAXED)) {
- if (cred != current)
- free(cred);
- else
+ if (cred == current)
cred->refcount = 1;
+ else {
+ free((void*)cred->exported);
+ free(cred);
+ }
}
}
return cred;
}
-struct afb_cred *afb_cred_mixed_on_behalf_import(struct afb_cred *cred, const char *context, const char *exported)
+struct afb_cred *afb_cred_mixed_on_behalf_import(struct afb_cred *cred, struct afb_context *context, const char *exported)
{
struct afb_cred *imported;
return afb_cred_addref(cred);
}
+/*********************************************************************************/
+static const char *token_of_context(struct afb_context *context)
+{
+ return context && context->token ? afb_token_string(context->token) : "X";
+}
+
/*********************************************************************************/
#ifdef BACKEND_PERMISSION_IS_CYNARA
static cynara *handle;
static pthread_mutex_t mutex = PTHREAD_MUTEX_INITIALIZER;
-int afb_cred_has_permission(struct afb_cred *cred, const char *permission, const char *context)
+int afb_cred_has_permission(struct afb_cred *cred, const char *permission, struct afb_context *context)
{
int rc;
}
/* query cynara permission */
- rc = cynara_check(handle, cred->label, context ?: "", cred->user, permission);
+ rc = cynara_check(handle, cred->label, token_of_context(context), cred->user, permission);
pthread_mutex_unlock(&mutex);
return rc == CYNARA_API_ACCESS_ALLOWED;
/*********************************************************************************/
#else
-int afb_cred_has_permission(struct afb_cred *cred, const char *permission, const char *context)
+int afb_cred_has_permission(struct afb_cred *cred, const char *permission, struct afb_context *context)
{
WARNING("Granting permission %s by default of backend", permission ?: "(null)");
return !!permission;