Compiles for cynara if present

Change-Id: If8ef53f8a0a57bf6d19b0da3d13a7794a8d0eef9
Signed-off-by: José Bollo <jose.bollo@iot.bzh>

diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt
index 2f97fd1..11d9542 100644 (file)
--- a/src/CMakeLists.txt
+++ b/src/CMakeLists.txt
@@ -44,9 +44,14 @@ ENDIF(NOT HAVE_LIBMAGIC)
 ADD_DEFINITIONS(-DUSE_MAGIC_MIME_TYPE)
 
 PKG_CHECK_MODULES(libsystemd REQUIRED libsystemd>=222)
-PKG_CHECK_MODULES(libmicrohttpd REQUIRED libmicrohttpd>=0.9.48)
+PKG_CHECK_MODULES(libmicrohttpd REQUIRED libmicrohttpd>=0.9.54)
 PKG_CHECK_MODULES(openssl REQUIRED openssl)
 PKG_CHECK_MODULES(uuid REQUIRED uuid)
+PKG_CHECK_MODULES(cynara cynara-client)
+
+IF(cynara_FOUND)
+       ADD_DEFINITIONS(-DBACKEND_PERMISSION_IS_CYNARA)
+ENDIF(cynara_FOUND)
 
 INCLUDE_DIRECTORIES(
        ${include_dirs}
@@ -54,6 +59,7 @@ INCLUDE_DIRECTORIES(
        ${libmicrohttpd_INCLUDE_DIRS}
        ${uuid_INCLUDE_DIRS}
        ${openssl_INCLUDE_DIRS}
+       ${cynara_INCLUDE_DIRS}
 )
 
 ADD_LIBRARY(afb-lib STATIC
@@ -107,6 +113,7 @@ TARGET_LINK_LIBRARIES(afb-daemon
        ${libmicrohttpd_LIBRARIES}
        ${uuid_LIBRARIES}
        ${openssl_LIBRARIES}
+       ${cynara_LIBRARIES}
        -lmagic
        -ldl
        -lrt

diff --git a/src/afb-auth.c b/src/afb-auth.c
index fc62bd5..82e6fd2 100644 (file)
--- a/src/afb-auth.c
+++ b/src/afb-auth.c
@@ -26,6 +26,7 @@
 #include "afb-auth.h"
 #include "afb-context.h"
 #include "afb-xreq.h"
+#include "afb-cred.h"
 #include "verbose.h"
 
 static int check_permission(const char *permission, struct afb_xreq *xreq);
@@ -60,29 +61,44 @@ int afb_auth_check(const struct afb_auth *auth, struct afb_xreq *xreq)
        }
 }
 
+/*********************************************************************************/
 #ifdef BACKEND_PERMISSION_IS_CYNARA
+
+#include <pthread.h>
 #include <cynara-client.h>
+
+static cynara *handle;
+static pthread_mutex_t mutex = PTHREAD_MUTEX_INITIALIZER;
+
 static int check_permission(const char *permission, struct afb_xreq *xreq)
 {
-       static cynara *cynara;
-       char uid[64];
        int rc;
 
-       if (!cynara) {
-               rc = cynara_initialize(&cynara, NULL);
+       /* cynara isn't reentrant */
+       pthread_mutex_lock(&mutex);
+
+       /* lazy initialisation */
+       if (!handle) {
+               rc = cynara_initialize(&handle, NULL);
                if (rc != CYNARA_API_SUCCESS) {
-                       cynara = NULL;
+                       handle = NULL;
                        ERROR("cynara initialisation failed with code %d", rc);
                        return 0;
                }
        }
-       rc = cynara_check(cynara, cred->label, afb_context_uuid(&xreq->context), xreq->cred->user, permission);
+
+       /* query cynara permission */
+       rc = cynara_check(handle, xreq->cred->label, afb_context_uuid(&xreq->context), xreq->cred->user, permission);
+
+       pthread_mutex_unlock(&mutex);
        return rc == CYNARA_API_ACCESS_ALLOWED;
 }
+
+/*********************************************************************************/
 #else
 static int check_permission(const char *permission, struct afb_xreq *xreq)
 {
-       WARNING("Granting permission %s by default", permission);
+       WARNING("Granting permission %s by default of backend", permission);
        return 1;
 }
 #endif