X-Git-Url: https://gerrit.automotivelinux.org/gerrit/gitweb?p=src%2Fapp-framework-binder.git;a=blobdiff_plain;f=src%2Fafb-cred.c;h=09a4803ed46306e80ebfe95a75c5849a3712f158;hp=b7b3175e4082c48121f95df519ae2c9ad0ab818a;hb=65353dce81a629e042800bb7b86fcd869a76727e;hpb=4521c1e7ae5371ab9d639adc617d17fb4e8ded0c diff --git a/src/afb-cred.c b/src/afb-cred.c index b7b3175e..09a4803e 100644 --- a/src/afb-cred.c +++ b/src/afb-cred.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2017, 2018 "IoT.bzh" + * Copyright (C) 2015-2020 "IoT.bzh" * Author: José Bollo * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -19,6 +19,7 @@ #include #include +#include #include #include #include @@ -29,7 +30,6 @@ #include "afb-cred.h" #include "verbose.h" - #define MAX_LABEL_LENGTH 1024 #if !defined(NO_DEFAULT_PEERCRED) && !defined(ADD_DEFAULT_PEERCRED) @@ -49,7 +49,6 @@ # define DEFAULT_PEERCRED_PID 0 /* no process */ #endif -static char on_behalf_credential_permission[] = "urn:AGL:permission:*:partner:on-behalf-credentials"; static char export_format[] = "%x:%x:%x-%s"; static char import_format[] = "%x:%x:%x-%n"; @@ -169,10 +168,12 @@ struct afb_cred *afb_cred_addref(struct afb_cred *cred) void afb_cred_unref(struct afb_cred *cred) { if (cred && !__atomic_sub_fetch(&cred->refcount, 1, __ATOMIC_RELAXED)) { - if (cred != current) - free(cred); - else + if (cred == current) cred->refcount = 1; + else { + free((void*)cred->exported); + free(cred); + } } } 
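Review bot: The decrement that gates both frees in afb_cred_unref still uses `__ATOMIC_RELAXED`, so nothing orders another thread's last accesses to the credential before `free((void*)cred->exported)` and `free(cred)` run; on weakly ordered CPUs this can leave a use-after-free window. The usual form for a releasing decrement is `if (cred && !__atomic_sub_fetch(&cred->refcount, 1, __ATOMIC_ACQ_REL)) {`. The `(void*)` cast suggests `exported` is declared const; its declaration and the code that sets it are outside this hunk, so a comment such as `/* exported is NULL or heap memory owned by this cred */` above the new free would record the invariant it relies on. The `cred == current` branch also rewrites `refcount` with a plain store after it has reached zero, which looks racy against a concurrent afb_cred_addref, so it is worth confirming that `current` is only ever released from one thread.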
@@ -216,72 +217,3 @@ struct afb_cred *afb_cred_import(const char *string)
 }
 return cred;
 }
-
-struct afb_cred *afb_cred_mixed_on_behalf_import(struct afb_cred *cred, const char *context, const char *exported)
-
-{
- struct afb_cred *imported;
- if (exported) {
- if (afb_cred_has_permission(cred, on_behalf_credential_permission, context)) {
- imported = afb_cred_import(exported);
- if (imported)
- return imported;
- ERROR("Can't import on behalf credentials: %m");
- } else {
- ERROR("On behalf credentials refused");
- }
- }
- return afb_cred_addref(cred);
-}
-
-/*********************************************************************************/
-#ifdef BACKEND_PERMISSION_IS_CYNARA
-
-#include
-#include
-
-static cynara *handle;
-static pthread_mutex_t mutex = PTHREAD_MUTEX_INITIALIZER;
-
-int afb_cred_has_permission(struct afb_cred *cred, const char *permission, const char *context)
-{
- int rc;
-
- if (!cred) {
- /* case of permission for self */
- return 1;
- }
- if (!permission) {
- ERROR("Got a null permission!");
- return 0;
- }
-
- /* cynara isn't reentrant */
- pthread_mutex_lock(&mutex);
-
- /* lazy initialisation */
- if (!handle) {
- rc = cynara_initialize(&handle, NULL);
- if (rc != CYNARA_API_SUCCESS) {
- handle = NULL;
- ERROR("cynara initialisation failed with code %d", rc);
- return 0;
- }
- }
-
- /* query cynara permission */
- rc = cynara_check(handle, cred->label, context ?: "", cred->user, permission);
-
- pthread_mutex_unlock(&mutex);
- return rc == CYNARA_API_ACCESS_ALLOWED;
-}
-
-/*********************************************************************************/
-#else
-int afb_cred_has_permission(struct afb_cred *cred, const char *permission, const char *context)
-{
- WARNING("Granting permission %s by default of backend", permission ?: "(null)");
- return !!permission;
-}
-#endif
-