X-Git-Url: https://gerrit.automotivelinux.org/gerrit/gitweb?a=blobdiff_plain;f=src%2Fafb-auth.c;h=47a98d5a3591c4e8deb0840d0a5440ac076a6727;hb=c8558c8a28966110aa3a356f95d3c60afe32b64a;hp=ff4ff9da212123e32e979a236999ca8c92e65b8b;hpb=91c12808e08fb30e58a3d2e008569933f409d6db;p=src%2Fapp-framework-binder.git diff --git a/src/afb-auth.c b/src/afb-auth.c index ff4ff9da..47a98d5a 100644 --- a/src/afb-auth.c +++ b/src/afb-auth.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2016, 2017 "IoT.bzh" + * Copyright (C) 2016, 2017, 2018 "IoT.bzh" * Author "Fulup Ar Foll" * Author José Bollo * @@ -17,11 +17,12 @@ */ #define _GNU_SOURCE -#define AFB_BINDING_PRAGMA_NO_VERBOSE_MACRO #include +#include #include +#include #include "afb-auth.h" #include "afb-context.h" @@ -43,7 +44,7 @@ int afb_auth_check(struct afb_xreq *xreq, const struct afb_auth *auth) return afb_context_check_loa(&xreq->context, auth->loa); case afb_auth_Permission: - return afb_auth_check_permission(xreq, auth->text); + return afb_auth_has_permission(xreq, auth->text); case afb_auth_Or: return afb_auth_check(xreq, auth->first) || afb_auth_check(xreq, auth->next); @@ -68,7 +69,7 @@ int afb_auth_check(struct afb_xreq *xreq, const struct afb_auth *auth) static cynara *handle; static pthread_mutex_t mutex = PTHREAD_MUTEX_INITIALIZER; -int afb_auth_check_permission(struct afb_xreq *xreq, const char *permission) +int afb_auth_has_permission(struct afb_xreq *xreq, const char *permission) { int rc; @@ -103,10 +104,97 @@ int afb_auth_check_permission(struct afb_xreq *xreq, const char *permission) /*********************************************************************************/ #else -int afb_auth_check_permission(struct afb_xreq *xreq, const char *permission) +int afb_auth_has_permission(struct afb_xreq *xreq, const char *permission) { WARNING("Granting permission %s by default of backend", permission ?: "(null)"); return !!permission; } #endif +/*********************************************************************************/ + +static struct json_object *addperm(struct json_object *o, struct json_object *x) +{ + struct json_object *a; + + if (!o) + return x; + + if (!json_object_object_get_ex(o, "allOf", &a)) { + a = json_object_new_array(); + json_object_array_add(a, o); + o = json_object_new_object(); + json_object_object_add(o, "allOf", a); + } + json_object_array_add(a, x); + return o; +} + +static struct json_object *addperm_key_val(struct json_object *o, const char *key, struct json_object *val) +{ + struct json_object *x = json_object_new_object(); + json_object_object_add(x, key, val); + return addperm(o, x); +} + +static struct json_object *addperm_key_valstr(struct json_object *o, const char *key, const char *val) +{ + return addperm_key_val(o, key, json_object_new_string(val)); +} + +static struct json_object *addperm_key_valint(struct json_object *o, const char *key, int val) +{ + return addperm_key_val(o, key, json_object_new_int(val)); +} + +static struct json_object *addauth_or_array(struct json_object *o, const struct afb_auth *auth); + +static struct json_object *addauth(struct json_object *o, const struct afb_auth *auth) +{ + switch(auth->type) { + case afb_auth_No: return addperm(o, json_object_new_boolean(0)); + case afb_auth_Token: return addperm_key_valstr(o, "session", "check"); + case afb_auth_LOA: return addperm_key_valint(o, "LOA", auth->loa); + case afb_auth_Permission: return addperm_key_valstr(o, "permission", auth->text); + case afb_auth_Or: return addperm_key_val(o, "anyOf", addauth_or_array(json_object_new_array(), auth)); + case afb_auth_And: return addauth(addauth(o, auth->first), auth->next); + case afb_auth_Not: return addperm_key_val(o, "not", addauth(NULL, auth->first)); + case afb_auth_Yes: return addperm(o, json_object_new_boolean(1)); + } + return o; +} + +static struct json_object *addauth_or_array(struct json_object *o, const struct afb_auth *auth) +{ + if (auth->type != afb_auth_Or) + json_object_array_add(o, addauth(NULL, auth)); + else { + addauth_or_array(o, auth->first); + addauth_or_array(o, auth->next); + } + + return o; +} + +struct json_object *afb_auth_json_v2(const struct afb_auth *auth, int session) +{ + struct json_object *result = NULL; + + if (session & AFB_SESSION_CLOSE_V2) + result = addperm_key_valstr(result, "session", "close"); + + if (session & AFB_SESSION_CHECK_V2) + result = addperm_key_valstr(result, "session", "check"); + + if (session & AFB_SESSION_REFRESH_V2) + result = addperm_key_valstr(result, "token", "refresh"); + + if (session & AFB_SESSION_LOA_MASK_V2) + result = addperm_key_valint(result, "LOA", session & AFB_SESSION_LOA_MASK_V2); + + if (auth) + result = addauth(result, auth); + + return result; +} +