X-Git-Url: https://gerrit.automotivelinux.org/gerrit/gitweb?a=blobdiff_plain;f=src%2Fafb-cred.c;h=b6d698e940173c4f43e38c11053eec370778b062;hb=refs%2Fchanges%2F60%2F23160%2F1;hp=b7b3175e4082c48121f95df519ae2c9ad0ab818a;hpb=4521c1e7ae5371ab9d639adc617d17fb4e8ded0c;p=src%2Fapp-framework-binder.git diff --git a/src/afb-cred.c b/src/afb-cred.c index b7b3175e..b6d698e9 100644 --- a/src/afb-cred.c +++ b/src/afb-cred.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2017, 2018 "IoT.bzh" + * Copyright (C) 2017-2019 "IoT.bzh" * Author: José Bollo * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -19,6 +19,7 @@ #include #include +#include #include #include #include @@ -27,6 +28,8 @@ #include #include "afb-cred.h" +#include "afb-context.h" +#include "afb-token.h" #include "verbose.h" @@ -169,10 +172,12 @@ struct afb_cred *afb_cred_addref(struct afb_cred *cred) void afb_cred_unref(struct afb_cred *cred) { if (cred && !__atomic_sub_fetch(&cred->refcount, 1, __ATOMIC_RELAXED)) { - if (cred != current) - free(cred); - else + if (cred == current) cred->refcount = 1; + else { + free((void*)cred->exported); + free(cred); + } } } @@ -217,7 +222,7 @@ struct afb_cred *afb_cred_import(const char *string) return cred; } -struct afb_cred *afb_cred_mixed_on_behalf_import(struct afb_cred *cred, const char *context, const char *exported) +struct afb_cred *afb_cred_mixed_on_behalf_import(struct afb_cred *cred, struct afb_context *context, const char *exported) { struct afb_cred *imported; @@ -234,6 +239,12 @@ struct afb_cred *afb_cred_mixed_on_behalf_import(struct afb_cred *cred, const ch return afb_cred_addref(cred); } +/*********************************************************************************/ +static const char *token_of_context(struct afb_context *context) +{ + return context && context->token ? afb_token_string(context->token) : "X"; +} + /*********************************************************************************/ #ifdef BACKEND_PERMISSION_IS_CYNARA @@ -243,7 +254,7 @@ struct afb_cred *afb_cred_mixed_on_behalf_import(struct afb_cred *cred, const ch static cynara *handle; static pthread_mutex_t mutex = PTHREAD_MUTEX_INITIALIZER; -int afb_cred_has_permission(struct afb_cred *cred, const char *permission, const char *context) +int afb_cred_has_permission(struct afb_cred *cred, const char *permission, struct afb_context *context) { int rc; @@ -270,7 +281,7 @@ int afb_cred_has_permission(struct afb_cred *cred, const char *permission, const } /* query cynara permission */ - rc = cynara_check(handle, cred->label, context ?: "", cred->user, permission); + rc = cynara_check(handle, cred->label, token_of_context(context), cred->user, permission); pthread_mutex_unlock(&mutex); return rc == CYNARA_API_ACCESS_ALLOWED; @@ -278,7 +289,7 @@ int afb_cred_has_permission(struct afb_cred *cred, const char *permission, const /*********************************************************************************/ #else -int afb_cred_has_permission(struct afb_cred *cred, const char *permission, const char *context) +int afb_cred_has_permission(struct afb_cred *cred, const char *permission, struct afb_context *context) { WARNING("Granting permission %s by default of backend", permission ?: "(null)"); return !!permission;