/*
- * Copyright (C) 2017, 2018 "IoT.bzh"
+ * Copyright (C) 2015-2020 "IoT.bzh"
* Author: José Bollo <jose.bollo@iot.bzh>
*
* Licensed under the Apache License, Version 2.0 (the "License");
#include <stdlib.h>
#include <stdio.h>
+#include <stdint.h>
#include <unistd.h>
#include <string.h>
#include <errno.h>
#include "afb-cred.h"
#include "verbose.h"
-
#define MAX_LABEL_LENGTH 1024
#if !defined(NO_DEFAULT_PEERCRED) && !defined(ADD_DEFAULT_PEERCRED)
# define DEFAULT_PEERCRED_PID 0 /* no process */
#endif
-static char on_behalf_credential_permission[] = "urn:AGL:permission:*:partner:on-behalf-credentials";
static char export_format[] = "%x:%x:%x-%s";
static char import_format[] = "%x:%x:%x-%n";
}
return cred;
}
-
-struct afb_cred *afb_cred_mixed_on_behalf_import(struct afb_cred *cred, const char *context, const char *exported)
-
-{
- struct afb_cred *imported;
- if (exported) {
- if (afb_cred_has_permission(cred, on_behalf_credential_permission, context)) {
- imported = afb_cred_import(exported);
- if (imported)
- return imported;
- ERROR("Can't import on behalf credentials: %m");
- } else {
- ERROR("On behalf credentials refused");
- }
- }
- return afb_cred_addref(cred);
-}
-
-/*********************************************************************************/
-#ifdef BACKEND_PERMISSION_IS_CYNARA
-
-#include <pthread.h>
-#include <cynara-client.h>
-
-static cynara *handle;
-static pthread_mutex_t mutex = PTHREAD_MUTEX_INITIALIZER;
-
-int afb_cred_has_permission(struct afb_cred *cred, const char *permission, const char *context)
-{
- int rc;
-
- if (!cred) {
- /* case of permission for self */
- return 1;
- }
- if (!permission) {
- ERROR("Got a null permission!");
- return 0;
- }
-
- /* cynara isn't reentrant */
- pthread_mutex_lock(&mutex);
-
- /* lazy initialisation */
- if (!handle) {
- rc = cynara_initialize(&handle, NULL);
- if (rc != CYNARA_API_SUCCESS) {
- handle = NULL;
- ERROR("cynara initialisation failed with code %d", rc);
- return 0;
- }
- }
-
- /* query cynara permission */
- rc = cynara_check(handle, cred->label, context ?: "", cred->user, permission);
-
- pthread_mutex_unlock(&mutex);
- return rc == CYNARA_API_ACCESS_ALLOWED;
-}
-
-/*********************************************************************************/
-#else
-int afb_cred_has_permission(struct afb_cred *cred, const char *permission, const char *context)
-{
- WARNING("Granting permission %s by default of backend", permission ?: "(null)");
- return !!permission;
-}
-#endif
-
Code Review / src / app-framework-binder.git / blobdiff