afb-context: Move credentials to context

[src/app-framework-binder.git] / src / afb-cred.c

diff --git a/src/afb-cred.c b/src/afb-cred.c
index 4639fa8..b6e6feb 100644 (file)
--- a/src/afb-cred.c
+++ b/src/afb-cred.c
@@ -19,6 +19,7 @@
 
 #include <stdlib.h>
 #include <stdio.h>
+#include <stdint.h>
 #include <unistd.h>
 #include <string.h>
 #include <errno.h>
@@ -27,9 +28,10 @@
 #include <sys/socket.h>
 
 #include "afb-cred.h"
+#include "afb-context.h"
+#include "afb-token.h"
 #include "verbose.h"
 
-
 #define MAX_LABEL_LENGTH  1024
 
 #if !defined(NO_DEFAULT_PEERCRED) && !defined(ADD_DEFAULT_PEERCRED)
@@ -49,7 +51,6 @@
 #  define DEFAULT_PEERCRED_PID 0  /* no process */
 #endif
 
-static char on_behalf_credential_permission[] = "urn:AGL:permission:*:partner:on-behalf-credentials";
 static char export_format[] = "%x:%x:%x-%s";
 static char import_format[] = "%x:%x:%x-%n";
 
@@ -219,21 +220,10 @@ struct afb_cred *afb_cred_import(const char *string)
        return cred;
 }
 
-struct afb_cred *afb_cred_mixed_on_behalf_import(struct afb_cred *cred, const char *context, const char *exported)
-
+/*********************************************************************************/
+static const char *token_of_context(struct afb_context *context)
 {
-       struct afb_cred *imported;
-       if (exported) {
-               if (afb_cred_has_permission(cred, on_behalf_credential_permission, context)) {
-                       imported = afb_cred_import(exported);
-                       if (imported)
-                               return imported;
-                       ERROR("Can't import on behalf credentials: %m");
-               } else {
-                       ERROR("On behalf credentials refused");
-               }
-       }
-       return afb_cred_addref(cred);
+       return context && context->token ? afb_token_string(context->token) : "X";
 }
 
 /*********************************************************************************/
@@ -245,7 +235,7 @@ struct afb_cred *afb_cred_mixed_on_behalf_import(struct afb_cred *cred, const ch
 static cynara *handle;
 static pthread_mutex_t mutex = PTHREAD_MUTEX_INITIALIZER;
 
-int afb_cred_has_permission(struct afb_cred *cred, const char *permission, const char *context)
+int afb_cred_has_permission(struct afb_cred *cred, const char *permission, struct afb_context *context)
 {
        int rc;
 
@@ -272,7 +262,7 @@ int afb_cred_has_permission(struct afb_cred *cred, const char *permission, const
        }
 
        /* query cynara permission */
-       rc = cynara_check(handle, cred->label, context ?: "", cred->user, permission);
+       rc = cynara_check(handle, cred->label, token_of_context(context), cred->user, permission);
 
        pthread_mutex_unlock(&mutex);
        return rc == CYNARA_API_ACCESS_ALLOWED;
@@ -280,7 +270,7 @@ int afb_cred_has_permission(struct afb_cred *cred, const char *permission, const
 
 /*********************************************************************************/
 #else
-int afb_cred_has_permission(struct afb_cred *cred, const char *permission, const char *context)
+int afb_cred_has_permission(struct afb_cred *cred, const char *permission, struct afb_context *context)
 {
        WARNING("Granting permission %s by default of backend", permission ?: "(null)");
        return !!permission;