Tokens are now object used in the context.
Bug-AGL: SPEC-2968
Change-Id: I107d31732202b7b1172afaf09f3a52470f050d7c
Signed-off-by: Jose Bollo <jose.bollo@iot.bzh>
/* fulfill the request and emit it */
dreq->xreq.context.flags = flags;
- dreq->xreq.cred = afb_cred_mixed_on_behalf_import(listener->origin->cred, uuid, creds && creds[0] ? creds : NULL);
+ dreq->xreq.cred = afb_cred_mixed_on_behalf_import(listener->origin->cred, &dreq->xreq.context, creds && creds[0] ? creds : NULL);
dreq->message = sd_bus_message_ref(message);
dreq->json = json_tokener_parse_verbose(dreq->request, &jerr);
if (jerr != json_tokener_success) {
int afb_auth_has_permission(struct afb_xreq *xreq, const char *permission)
{
- return afb_cred_has_permission(xreq->cred, permission, afb_context_uuid(&xreq->context));
+ return afb_cred_has_permission(xreq->cred, permission, &xreq->context);
}
/*********************************************************************************/
const char *afb_context_uuid(struct afb_context *context)
{
- return context->session ? afb_session_uuid(context->session) : "";
+ return context->session ? afb_session_uuid(context->session) : NULL;
}
void *afb_context_make(struct afb_context *context, int replace, void *(*make_value)(void *closure), void (*free_value)(void *item), void *closure)
#include <stdlib.h>
#include <stdio.h>
+#include <stdint.h>
#include <unistd.h>
#include <string.h>
#include <errno.h>
#include <sys/socket.h>
#include "afb-cred.h"
+#include "afb-context.h"
+#include "afb-token.h"
#include "verbose.h"
return cred;
}
-struct afb_cred *afb_cred_mixed_on_behalf_import(struct afb_cred *cred, const char *context, const char *exported)
+struct afb_cred *afb_cred_mixed_on_behalf_import(struct afb_cred *cred, struct afb_context *context, const char *exported)
{
struct afb_cred *imported;
return afb_cred_addref(cred);
}
+/*********************************************************************************/
+static const char *token_of_context(struct afb_context *context)
+{
+ return context && context->token ? afb_token_string(context->token) : "X";
+}
+
/*********************************************************************************/
#ifdef BACKEND_PERMISSION_IS_CYNARA
static cynara *handle;
static pthread_mutex_t mutex = PTHREAD_MUTEX_INITIALIZER;
-int afb_cred_has_permission(struct afb_cred *cred, const char *permission, const char *context)
+int afb_cred_has_permission(struct afb_cred *cred, const char *permission, struct afb_context *context)
{
int rc;
}
/* query cynara permission */
- rc = cynara_check(handle, cred->label, context ?: "", cred->user, permission);
+ rc = cynara_check(handle, cred->label, token_of_context(context), cred->user, permission);
pthread_mutex_unlock(&mutex);
return rc == CYNARA_API_ACCESS_ALLOWED;
/*********************************************************************************/
#else
-int afb_cred_has_permission(struct afb_cred *cred, const char *permission, const char *context)
+int afb_cred_has_permission(struct afb_cred *cred, const char *permission, struct afb_context *context)
{
WARNING("Granting permission %s by default of backend", permission ?: "(null)");
return !!permission;
#include <sys/types.h>
+struct afb_context;
+
struct afb_cred
{
int refcount;
extern struct afb_cred *afb_cred_addref(struct afb_cred *cred);
extern void afb_cred_unref(struct afb_cred *cred);
-extern int afb_cred_has_permission(struct afb_cred *cred, const char *permission, const char *context);
+extern int afb_cred_has_permission(struct afb_cred *cred, const char *permission, struct afb_context *context);
extern const char *afb_cred_export(struct afb_cred *cred);
extern struct afb_cred *afb_cred_import(const char *string);
-extern struct afb_cred *afb_cred_mixed_on_behalf_import(struct afb_cred *cred, const char *context, const char *exported);
+extern struct afb_cred *afb_cred_mixed_on_behalf_import(struct afb_cred *cred, struct afb_context *context, const char *exported);
afb_session_set_autoclose(wreq->xreq.context.session, 1);
/* makes the call */
- wreq->xreq.cred = afb_cred_mixed_on_behalf_import(stubws->cred, sessionid, user_creds);
+ wreq->xreq.cred = afb_cred_mixed_on_behalf_import(stubws->cred, &wreq->xreq.context, user_creds);
wreq->xreq.request.called_api = stubws->apiname;
wreq->xreq.request.called_verb = verb;
wreq->xreq.json = args;
json_object_object_add(r, "id", json_object_new_string(xreq->cred->id));
}
if (xreq->context.session) {
- json_object_object_add(r, "uuid", json_object_new_string(afb_context_uuid(&xreq->context)));
+ json_object_object_add(r, "uuid", json_object_new_string(afb_context_uuid(&xreq->context)?:""));
json_object_object_add(r, "LOA", json_object_new_int(afb_context_get_loa(&xreq->context)));
}
return r;