X-Git-Url: https://gerrit.automotivelinux.org/gerrit/gitweb?a=blobdiff_plain;f=src%2Fafb-auth.c;h=a5ad0ea4c539a32ea93eb6b1052c80ac7a4b9719;hb=366efa1adaafbe996a03a98a73f149cb4fc56c26;hp=17d355b04ac74b680ff97b1509181d242a55e9c3;hpb=2f0f452807a35a01d879659adb217e1d9234585d;p=src%2Fapp-framework-binder.git

diff --git a/src/afb-auth.c b/src/afb-auth.c
index 17d355b0..a5ad0ea4 100644
--- a/src/afb-auth.c
+++ b/src/afb-auth.c
@@ -17,11 +17,12 @@
  */
 
 #define _GNU_SOURCE
-#define AFB_BINDING_PRAGMA_NO_VERBOSE_MACRO
 
 #include <stdlib.h>
 
+#include <json-c/json.h>
 #include <afb/afb-auth.h>
+#include <afb/afb-session-v2.h>
 
 #include "afb-auth.h"
 #include "afb-context.h"
@@ -43,10 +44,7 @@ int afb_auth_check(struct afb_xreq *xreq, const struct afb_auth *auth)
 		return afb_context_check_loa(&xreq->context, auth->loa);
 
 	case afb_auth_Permission:
-		if (xreq->cred && auth->text)
-			return afb_auth_check_permission(xreq, auth->text);
-		/* TODO: handle case of self permission */
-		return 1;
+		return afb_auth_has_permission(xreq, auth->text);
 
 	case afb_auth_Or:
 		return afb_auth_check(xreq, auth->first) || afb_auth_check(xreq, auth->next);
@@ -71,10 +69,19 @@ int afb_auth_check(struct afb_xreq *xreq, const struct afb_auth *auth)
 static cynara *handle;
 static pthread_mutex_t mutex = PTHREAD_MUTEX_INITIALIZER;
 
-int afb_auth_check_permission(struct afb_xreq *xreq, const char *permission)
+int afb_auth_has_permission(struct afb_xreq *xreq, const char *permission)
 {
 	int rc;
 
+	if (!xreq->cred) {
+		/* case of permission for self */
+		return 1;
+	}
+	if (!permission) {
+		ERROR("Got a null permission!");
+		return 0;
+	}
+
 	/* cynara isn't reentrant */
 	pthread_mutex_lock(&mutex);
 
@@ -97,10 +104,97 @@ int afb_auth_check_permission(struct afb_xreq *xreq, const char *permission)
 
 /*********************************************************************************/
 #else
-int afb_auth_check_permission(struct afb_xreq *xreq, const char *permission)
+int afb_auth_has_permission(struct afb_xreq *xreq, const char *permission)
 {
-	WARNING("Granting permission %s by default of backend", permission);
-	return 1;
+	WARNING("Granting permission %s by default of backend", permission ?: "(null)");
+	return !!permission;
 }
 #endif
 
+/*********************************************************************************/
+
+static struct json_object *addperm(struct json_object *o, struct json_object *x)
+{
+	struct json_object *a;
+
+	if (!o)
+		return x;
+
+	if (!json_object_object_get_ex(o, "allOf", &a)) {
+		a = json_object_new_array();
+		json_object_array_add(a, o);
+		o = json_object_new_object();
+		json_object_object_add(o, "allOf", a);
+	}
+	json_object_array_add(a, x);
+	return o;
+}
+
+static struct json_object *addperm_key_val(struct json_object *o, const char *key, struct json_object *val)
+{
+	struct json_object *x = json_object_new_object();
+	json_object_object_add(x, key, val);
+	return addperm(o, x);
+}
+
+static struct json_object *addperm_key_valstr(struct json_object *o, const char *key, const char *val)
+{
+	return addperm_key_val(o, key, json_object_new_string(val));
+}
+
+static struct json_object *addperm_key_valint(struct json_object *o, const char *key, int val)
+{
+	return addperm_key_val(o, key, json_object_new_int(val));
+}
+
+static struct json_object *addauth_or_array(struct json_object *o, const struct afb_auth *auth);
+
+static struct json_object *addauth(struct json_object *o, const struct afb_auth *auth)
+{
+	switch(auth->type) {
+	case afb_auth_No: return addperm(o, json_object_new_boolean(0));
+	case afb_auth_Token: return addperm_key_valstr(o, "session", "check");
+	case afb_auth_LOA: return addperm_key_valint(o, "LOA", auth->loa);
+	case afb_auth_Permission: return addperm_key_valstr(o, "permission", auth->text);
+	case afb_auth_Or: return addperm_key_val(o, "anyOf", addauth_or_array(json_object_new_array(), auth));
+	case afb_auth_And: return addauth(addauth(o, auth->first), auth->next);
+	case afb_auth_Not: return addperm_key_val(o, "not", addauth(NULL, auth->first));
+	case afb_auth_Yes: return addperm(o, json_object_new_boolean(1));
+	}
+	return o;
+}
+
+static struct json_object *addauth_or_array(struct json_object *o, const struct afb_auth *auth)
+{
+	if (auth->type != afb_auth_Or)
+		json_object_array_add(o, addauth(NULL, auth));
+	else {
+		addauth_or_array(o, auth->first);
+		addauth_or_array(o, auth->next);
+	}
+
+	return o;
+}
+
+struct json_object *afb_auth_json_v2(const struct afb_auth *auth, int session)
+{
+	struct json_object *result = NULL;
+
+	if (session & AFB_SESSION_CLOSE_V2)
+		result = addperm_key_valstr(result, "session", "close");
+
+	if (session & AFB_SESSION_CHECK_V2)
+		result = addperm_key_valstr(result, "session", "check");
+
+	if (session & AFB_SESSION_REFRESH_V2)
+		result = addperm_key_valstr(result, "token", "refresh");
+
+	if (session & AFB_SESSION_LOA_MASK_V2)
+		result = addperm_key_valint(result, "LOA", session & AFB_SESSION_LOA_MASK_V2);
+
+	if (auth)
+		result = addauth(result, auth);
+
+	return result;
+}
+