Use afb_token in contexts

author Jose Bollo <jose.bollo@iot.bzh>

Fri, 15 Nov 2019 15:40:34 +0000 (16:40 +0100)

committer José Bollo <jose.bollo@iot.bzh>

Fri, 29 Nov 2019 11:48:17 +0000 (12:48 +0100)
author Jose Bollo <jose.bollo@iot.bzh>
Fri, 15 Nov 2019 15:40:34 +0000 (16:40 +0100)
committer José Bollo <jose.bollo@iot.bzh>
Fri, 29 Nov 2019 11:48:17 +0000 (12:48 +0100)
diff --git a/src/afb-api-dbus.c b/src/afb-api-dbus.c

index 31606be..76894ca 100644 (file)
--- a/src/afb-api-dbus.c
+++ b/src/afb-api-dbus.c
@@ -981,7 +981,7 @@ static int api_dbus_server_on_object_called(sd_bus_message *message, void *userd
  
         /* fulfill the request and emit it */
         dreq->xreq.context.flags = flags;
-       dreq->xreq.cred = afb_cred_mixed_on_behalf_import(listener->origin->cred, uuid, creds && creds[0] ? creds : NULL);
+       dreq->xreq.cred = afb_cred_mixed_on_behalf_import(listener->origin->cred, &dreq->xreq.context, creds && creds[0] ? creds : NULL);
         dreq->message = sd_bus_message_ref(message);
         dreq->json = json_tokener_parse_verbose(dreq->request, &jerr);
         if (jerr != json_tokener_success) {
diff --git a/src/afb-auth.c b/src/afb-auth.c

index 90c8ddc..6747c9e 100644 (file)
--- a/src/afb-auth.c
+++ b/src/afb-auth.c
@@ -62,7 +62,7 @@ int afb_auth_check(struct afb_xreq *xreq, const struct afb_auth *auth)
  
  int afb_auth_has_permission(struct afb_xreq *xreq, const char *permission)
  {
-       return afb_cred_has_permission(xreq->cred, permission, afb_context_uuid(&xreq->context));
+       return afb_cred_has_permission(xreq->cred, permission, &xreq->context);
  }
  
  /*********************************************************************************/
diff --git a/src/afb-context.c b/src/afb-context.c

index 4cc2e55..36adeba 100644 (file)
--- a/src/afb-context.c
+++ b/src/afb-context.c
@@ -107,7 +107,7 @@ void afb_context_disconnect(struct afb_context *context)
  
  const char *afb_context_uuid(struct afb_context *context)
  {
-       return context->session ? afb_session_uuid(context->session) : "";
+       return context->session ? afb_session_uuid(context->session) : NULL;
  }
  
  void *afb_context_make(struct afb_context *context, int replace, void *(*make_value)(void *closure), void (*free_value)(void *item), void *closure)
diff --git a/src/afb-cred.c b/src/afb-cred.c

index 4639fa8..b6d698e 100644 (file)
--- a/src/afb-cred.c
+++ b/src/afb-cred.c
@@ -19,6 +19,7 @@
  
  #include <stdlib.h>
  #include <stdio.h>
+#include <stdint.h>
  #include <unistd.h>
  #include <string.h>
  #include <errno.h>
@@ -27,6 +28,8 @@
  #include <sys/socket.h>
  
  #include "afb-cred.h"
+#include "afb-context.h"
+#include "afb-token.h"
  #include "verbose.h"
  
  
@@ -219,7 +222,7 @@ struct afb_cred *afb_cred_import(const char *string)
         return cred;
  }
  
-struct afb_cred *afb_cred_mixed_on_behalf_import(struct afb_cred *cred, const char *context, const char *exported)
+struct afb_cred *afb_cred_mixed_on_behalf_import(struct afb_cred *cred, struct afb_context *context, const char *exported)
  
  {
         struct afb_cred *imported;
@@ -236,6 +239,12 @@ struct afb_cred *afb_cred_mixed_on_behalf_import(struct afb_cred *cred, const ch
         return afb_cred_addref(cred);
  }
  
+/*********************************************************************************/
+static const char *token_of_context(struct afb_context *context)
+{
+       return context && context->token ? afb_token_string(context->token) : "X";
+}
+
  /*********************************************************************************/
  #ifdef BACKEND_PERMISSION_IS_CYNARA
  
@@ -245,7 +254,7 @@ struct afb_cred *afb_cred_mixed_on_behalf_import(struct afb_cred *cred, const ch
  static cynara *handle;
  static pthread_mutex_t mutex = PTHREAD_MUTEX_INITIALIZER;
  
-int afb_cred_has_permission(struct afb_cred *cred, const char *permission, const char *context)
+int afb_cred_has_permission(struct afb_cred *cred, const char *permission, struct afb_context *context)
  {
         int rc;
  
@@ -272,7 +281,7 @@ int afb_cred_has_permission(struct afb_cred *cred, const char *permission, const
         }
  
         /* query cynara permission */
-       rc = cynara_check(handle, cred->label, context ?: "", cred->user, permission);
+       rc = cynara_check(handle, cred->label, token_of_context(context), cred->user, permission);
  
         pthread_mutex_unlock(&mutex);
         return rc == CYNARA_API_ACCESS_ALLOWED;
@@ -280,7 +289,7 @@ int afb_cred_has_permission(struct afb_cred *cred, const char *permission, const
  
  /*********************************************************************************/
  #else
-int afb_cred_has_permission(struct afb_cred *cred, const char *permission, const char *context)
+int afb_cred_has_permission(struct afb_cred *cred, const char *permission, struct afb_context *context)
  {
         WARNING("Granting permission %s by default of backend", permission ?: "(null)");
         return !!permission;
diff --git a/src/afb-cred.h b/src/afb-cred.h

index 1ebdf15..82d0aac 100644 (file)
--- a/src/afb-cred.h
+++ b/src/afb-cred.h
@@ -19,6 +19,8 @@
  
  #include <sys/types.h>
  
+struct afb_context;
+
  struct afb_cred
  {
         int refcount;
@@ -37,10 +39,10 @@ extern struct afb_cred *afb_cred_create_for_socket(int fd);
  extern struct afb_cred *afb_cred_addref(struct afb_cred *cred);
  extern void afb_cred_unref(struct afb_cred *cred);
  
-extern int afb_cred_has_permission(struct afb_cred *cred, const char *permission, const char *context);
+extern int afb_cred_has_permission(struct afb_cred *cred, const char *permission, struct afb_context *context);
  
  extern const char *afb_cred_export(struct afb_cred *cred);
  extern struct afb_cred *afb_cred_import(const char *string);
  
-extern struct afb_cred *afb_cred_mixed_on_behalf_import(struct afb_cred *cred, const char *context, const char *exported);
+extern struct afb_cred *afb_cred_mixed_on_behalf_import(struct afb_cred *cred, struct afb_context *context, const char *exported);
  
diff --git a/src/afb-stub-ws.c b/src/afb-stub-ws.c

index 3e9ede2..40addd0 100644 (file)
--- a/src/afb-stub-ws.c
+++ b/src/afb-stub-ws.c
@@ -530,7 +530,7 @@ static void server_on_call_cb(void *closure, struct afb_proto_ws_call *call, con
                 afb_session_set_autoclose(wreq->xreq.context.session, 1);
  
         /* makes the call */
-       wreq->xreq.cred = afb_cred_mixed_on_behalf_import(stubws->cred, sessionid, user_creds);
+       wreq->xreq.cred = afb_cred_mixed_on_behalf_import(stubws->cred, &wreq->xreq.context, user_creds);
         wreq->xreq.request.called_api = stubws->apiname;
         wreq->xreq.request.called_verb = verb;
         wreq->xreq.json = args;
diff --git a/src/afb-xreq.c b/src/afb-xreq.c

index 8542741..7621b80 100644 (file)
--- a/src/afb-xreq.c
+++ b/src/afb-xreq.c
@@ -320,7 +320,7 @@ static struct json_object *xreq_get_client_info_cb(struct afb_req_x2 *closure)
                 json_object_object_add(r, "id", json_object_new_string(xreq->cred->id));
         }
         if (xreq->context.session) {
-               json_object_object_add(r, "uuid", json_object_new_string(afb_context_uuid(&xreq->context)));
+               json_object_object_add(r, "uuid", json_object_new_string(afb_context_uuid(&xreq->context)?:""));
                 json_object_object_add(r, "LOA", json_object_new_int(afb_context_get_loa(&xreq->context)));
         }
         return r;
author	Jose Bollo <jose.bollo@iot.bzh>
	Fri, 15 Nov 2019 15:40:34 +0000 (16:40 +0100)
committer	José Bollo <jose.bollo@iot.bzh>
	Fri, 29 Nov 2019 11:48:17 +0000 (12:48 +0100)
src/afb-api-dbus.c		patch \| blob \| history
src/afb-auth.c		patch \| blob \| history
src/afb-context.c		patch \| blob \| history
src/afb-cred.c		patch \| blob \| history
src/afb-cred.h		patch \| blob \| history
src/afb-stub-ws.c		patch \| blob \| history
src/afb-xreq.c		patch \| blob \| history