json_object_put(object);
}
+static void hasperm (afb_req request)
+{
+ const char *perm = afb_req_value(request, "perm");
+ if (afb_req_has_permission(request, perm))
+ afb_req_success_f(request, NULL, "permission %s granted", perm?:"(null)");
+ else
+ afb_req_fail_f(request, "not-granted", "permission %s NOT granted", perm?:"(null)");
+}
+
static int preinit()
{
AFB_NOTICE("hello binding comes to live");
{ .verb="callsync", .callback=callsync },
{ .verb="verbose", .callback=verbose },
{ .verb="broadcast", .callback=broadcast },
+ { .verb="hasperm", .callback=hasperm },
{ .verb="exit", .callback=exitnow },
{ .verb=NULL}
};
void afb_req_verbose(struct afb_req req, int level, const char *file, int line, const char * func, const char *fmt, ...);
```
+The function below allows a binding to check whether a client
+has a permission of not.
+
+```C
+
+/*
+ * Check whether the 'permission' is granted or not to the client
+ * identified by 'req'.
+ *
+ * Returns 1 if the permission is granted or 0 otherwise.
+ */
+int afb_req_has_permission(struct afb_req req, const char *permission);
+```
+
## Logging macros
The following macros must be used for logging:
void (*vverbose)(void *closure, int level, const char *file, int line, const char * func, const char *fmt, va_list args);
struct afb_stored_req *(*store)(void *closure);
void (*subcall_req)(void *closure, const char *api, const char *verb, struct json_object *args, void (*callback)(void*, int, struct json_object*, struct afb_req), void *cb_closure);
+
+ int (*has_permission)(void *closure, const char *permission);
};
/*
#else
#define AFB_REQ_VERBOSE(req,level,...) afb_req_verbose(req,level,NULL,0,NULL,__VA_ARGS__)
#endif
+
+/*
+ * Check whether the 'permission' is granted or not to the client
+ * identified by 'req'.
+ *
+ * Returns 1 if the permission is granted or 0 otherwise.
+ */
+static inline int afb_req_has_permission(struct afb_req req, const char *permission)
+{
+ return req.itf->has_permission(req.closure, permission);
+}
+
return afb_context_check_loa(&xreq->context, auth->loa);
case afb_auth_Permission:
- return afb_auth_check_permission(xreq, auth->text);
+ return afb_auth_has_permission(xreq, auth->text);
case afb_auth_Or:
return afb_auth_check(xreq, auth->first) || afb_auth_check(xreq, auth->next);
static cynara *handle;
static pthread_mutex_t mutex = PTHREAD_MUTEX_INITIALIZER;
-int afb_auth_check_permission(struct afb_xreq *xreq, const char *permission)
+int afb_auth_has_permission(struct afb_xreq *xreq, const char *permission)
{
int rc;
/*********************************************************************************/
#else
-int afb_auth_check_permission(struct afb_xreq *xreq, const char *permission)
+int afb_auth_has_permission(struct afb_xreq *xreq, const char *permission)
{
WARNING("Granting permission %s by default of backend", permission ?: "(null)");
return !!permission;
struct afb_xreq;
extern int afb_auth_check(struct afb_xreq *xreq, const struct afb_auth *auth);
-extern int afb_auth_check_permission(struct afb_xreq *xreq, const char *permission);
+extern int afb_auth_has_permission(struct afb_xreq *xreq, const char *permission);
_hook_xreq_(xreq, " ...subcall_req... -> %d: %s", status, json_object_to_json_string(result));
}
+static void hook_xreq_has_permission_default_cb(void *closure, const struct afb_hookid *hookid, const struct afb_xreq *xreq, const char *permission, int result)
+{
+ _hook_xreq_(xreq, "has_permission(%s) -> %d", permission, result);
+}
+
static struct afb_hook_xreq_itf hook_xreq_default_itf = {
.hook_xreq_begin = hook_xreq_begin_default_cb,
.hook_xreq_end = hook_xreq_end_default_cb,
.hook_xreq_store = hook_xreq_store_default_cb,
.hook_xreq_unstore = hook_xreq_unstore_default_cb,
.hook_xreq_subcall_req = hook_xreq_subcall_req_default_cb,
- .hook_xreq_subcall_req_result = hook_xreq_subcall_req_result_default_cb
+ .hook_xreq_subcall_req_result = hook_xreq_subcall_req_result_default_cb,
+ .hook_xreq_has_permission = hook_xreq_has_permission_default_cb
};
/******************************************************************************
_HOOK_XREQ_(subcall_req_result, xreq, status, result);
}
+int afb_hook_xreq_has_permission(const struct afb_xreq *xreq, const char *permission, int result)
+{
+ _HOOK_XREQ_(has_permission, xreq, permission, result);
+ return result;
+}
+
/******************************************************************************
* section: hooking xreqs
*****************************************************************************/
*********************************************************/
/* individual flags */
-#define afb_hook_flag_req_begin 0x000001
-#define afb_hook_flag_req_end 0x000002
-#define afb_hook_flag_req_json 0x000004
-#define afb_hook_flag_req_get 0x000008
-#define afb_hook_flag_req_success 0x000010
-#define afb_hook_flag_req_fail 0x000020
-#define afb_hook_flag_req_context_get 0x000040
-#define afb_hook_flag_req_context_set 0x000080
-#define afb_hook_flag_req_addref 0x000100
-#define afb_hook_flag_req_unref 0x000200
-#define afb_hook_flag_req_session_close 0x000400
-#define afb_hook_flag_req_session_set_LOA 0x000800
-#define afb_hook_flag_req_subscribe 0x001000
-#define afb_hook_flag_req_unsubscribe 0x002000
-#define afb_hook_flag_req_subcall 0x004000
-#define afb_hook_flag_req_subcall_result 0x008000
-#define afb_hook_flag_req_subcallsync 0x010000
-#define afb_hook_flag_req_subcallsync_result 0x020000
-#define afb_hook_flag_req_vverbose 0x040000
-#define afb_hook_flag_req_store 0x080000
-#define afb_hook_flag_req_unstore 0x100000
-#define afb_hook_flag_req_subcall_req 0x200000
-#define afb_hook_flag_req_subcall_req_result 0x400000
+#define afb_hook_flag_req_begin 0x00000001
+#define afb_hook_flag_req_end 0x00000002
+#define afb_hook_flag_req_json 0x00000004
+#define afb_hook_flag_req_get 0x00000008
+#define afb_hook_flag_req_success 0x00000010
+#define afb_hook_flag_req_fail 0x00000020
+#define afb_hook_flag_req_context_get 0x00000040
+#define afb_hook_flag_req_context_set 0x00000080
+#define afb_hook_flag_req_addref 0x00000100
+#define afb_hook_flag_req_unref 0x00000200
+#define afb_hook_flag_req_session_close 0x00000400
+#define afb_hook_flag_req_session_set_LOA 0x00000800
+#define afb_hook_flag_req_subscribe 0x00001000
+#define afb_hook_flag_req_unsubscribe 0x00002000
+#define afb_hook_flag_req_subcall 0x00004000
+#define afb_hook_flag_req_subcall_result 0x00008000
+#define afb_hook_flag_req_subcallsync 0x00010000
+#define afb_hook_flag_req_subcallsync_result 0x00020000
+#define afb_hook_flag_req_vverbose 0x00040000
+#define afb_hook_flag_req_store 0x00080000
+#define afb_hook_flag_req_unstore 0x00100000
+#define afb_hook_flag_req_subcall_req 0x00200000
+#define afb_hook_flag_req_subcall_req_result 0x00400000
+#define afb_hook_flag_req_has_permission 0x00800000
/* common flags */
#define afb_hook_flags_req_life (afb_hook_flag_req_begin|afb_hook_flag_req_end)
/* predefined groups */
#define afb_hook_flags_req_common (afb_hook_flags_req_life|afb_hook_flags_req_args|afb_hook_flags_req_result\
|afb_hook_flags_req_session|afb_hook_flags_req_event|afb_hook_flags_req_subcalls\
- |afb_hook_flag_req_vverbose)
+ |afb_hook_flag_req_vverbose|afb_hook_flag_req_has_permission)
#define afb_hook_flags_req_extra (afb_hook_flags_req_common|afb_hook_flags_req_ref|afb_hook_flags_req_context\
|afb_hook_flags_req_stores)
#define afb_hook_flags_req_all (afb_hook_flags_req_extra)
void (*hook_xreq_unstore)(void *closure, const struct afb_hookid *hookid, const struct afb_xreq *xreq);
void (*hook_xreq_subcall_req)(void *closure, const struct afb_hookid *hookid, const struct afb_xreq *xreq, const char *api, const char *verb, struct json_object *args);
void (*hook_xreq_subcall_req_result)(void *closure, const struct afb_hookid *hookid, const struct afb_xreq *xreq, int status, struct json_object *result);
+ void (*hook_xreq_has_permission)(void *closure, const struct afb_hookid *hookid, const struct afb_xreq *xreq, const char *permission, int result);
};
extern void afb_hook_init_xreq(struct afb_xreq *xreq);
extern void afb_hook_xreq_unstore(const struct afb_xreq *xreq);
extern void afb_hook_xreq_subcall_req(const struct afb_xreq *xreq, const char *api, const char *verb, struct json_object *args);
extern void afb_hook_xreq_subcall_req_result(const struct afb_xreq *xreq, int status, struct json_object *result);
+extern int afb_hook_xreq_has_permission(const struct afb_xreq *xreq, const char *permission, int result);
/*********************************************************
* section hooking ditf (daemon interface)
return closure;
}
+static int xreq_has_permission_cb(void*closure, const char *permission)
+{
+ struct afb_xreq *xreq = closure;
+ return afb_auth_has_permission(xreq, permission);
+}
+
/******************************************************************************/
static struct json_object *xreq_hooked_json_cb(void *closure)
return r;
}
+static int xreq_hooked_has_permission_cb(void*closure, const char *permission)
+{
+ struct afb_xreq *xreq = closure;
+ int r = xreq_has_permission_cb(closure, permission);
+ return afb_hook_xreq_has_permission(xreq, permission, r);
+}
+
/******************************************************************************/
const struct afb_req_itf xreq_itf = {
.subcallsync = xreq_subcallsync_cb,
.vverbose = xreq_vverbose_cb,
.store = xreq_store_cb,
- .subcall_req = xreq_subcall_req_cb
+ .subcall_req = xreq_subcall_req_cb,
+ .has_permission = xreq_has_permission_cb
};
const struct afb_req_itf xreq_hooked_itf = {
.subcallsync = xreq_hooked_subcallsync_cb,
.vverbose = xreq_hooked_vverbose_cb,
.store = xreq_hooked_store_cb,
- .subcall_req = xreq_hooked_subcall_req_cb
+ .subcall_req = xreq_hooked_subcall_req_cb,
+ .has_permission = xreq_hooked_has_permission_cb
};
/******************************************************************************/