X-Git-Url: https://gerrit.automotivelinux.org/gerrit/gitweb?a=blobdiff_plain;f=src%2Fafb-auth.c;h=2f5daf0cf6163adeaa89fc93d26a8553668d5d31;hb=e51d68ddc998f558507217e3c849b16ce94c068f;hp=900ec4c67b0f172fd2f21965e57496e9969e5ad5;hpb=3dbe2d3eeeec9c1d3cf82f41378b306499b9d41b;p=src%2Fapp-framework-binder.git

diff --git a/src/afb-auth.c b/src/afb-auth.c
index 900ec4c6..2f5daf0c 100644
--- a/src/afb-auth.c
+++ b/src/afb-auth.c
@@ -17,7 +17,6 @@
  */
 
 #define _GNU_SOURCE
-#define AFB_BINDING_PRAGMA_NO_VERBOSE_MACRO
 
 #include <stdlib.h>
 
@@ -29,9 +28,7 @@
 #include "afb-cred.h"
 #include "verbose.h"
 
-static int check_permission(const char *permission, struct afb_xreq *xreq);
-
-int afb_auth_check(const struct afb_auth *auth, struct afb_xreq *xreq)
+int afb_auth_check(struct afb_xreq *xreq, const struct afb_auth *auth)
 {
 	switch (auth->type) {
 	default:
@@ -45,19 +42,16 @@ int afb_auth_check(const struct afb_auth *auth, struct afb_xreq *xreq)
 		return afb_context_check_loa(&xreq->context, auth->loa);
 
 	case afb_auth_Permission:
-		if (xreq->cred && auth->text)
-			return check_permission(auth->text, xreq);
-		/* TODO: handle case of self permission */
-		return 1;
+		return afb_auth_has_permission(xreq, auth->text);
 
 	case afb_auth_Or:
-		return afb_auth_check(auth->first, xreq) || afb_auth_check(auth->next, xreq);
+		return afb_auth_check(xreq, auth->first) || afb_auth_check(xreq, auth->next);
 
 	case afb_auth_And:
-		return afb_auth_check(auth->first, xreq) && afb_auth_check(auth->next, xreq);
+		return afb_auth_check(xreq, auth->first) && afb_auth_check(xreq, auth->next);
 
 	case afb_auth_Not:
-		return !afb_auth_check(auth->first, xreq);
+		return !afb_auth_check(xreq, auth->first);
 
 	case afb_auth_Yes:
 		return 1;
@@ -73,10 +67,19 @@ int afb_auth_check(const struct afb_auth *auth, struct afb_xreq *xreq)
 static cynara *handle;
 static pthread_mutex_t mutex = PTHREAD_MUTEX_INITIALIZER;
 
-static int check_permission(const char *permission, struct afb_xreq *xreq)
+int afb_auth_has_permission(struct afb_xreq *xreq, const char *permission)
 {
 	int rc;
 
+	if (!xreq->cred) {
+		/* case of permission for self */
+		return 1;
+	}
+	if (!permission) {
+		ERROR("Got a null permission!");
+		return 0;
+	}
+
 	/* cynara isn't reentrant */
 	pthread_mutex_lock(&mutex);
 
@@ -99,10 +102,10 @@ static int check_permission(const char *permission, struct afb_xreq *xreq)
 
 /*********************************************************************************/
 #else
-static int check_permission(const char *permission, struct afb_xreq *xreq)
+int afb_auth_has_permission(struct afb_xreq *xreq, const char *permission)
 {
-	WARNING("Granting permission %s by default of backend", permission);
-	return 1;
+	WARNING("Granting permission %s by default of backend", permission ?: "(null)");
+	return !!permission;
 }
 #endif