From e80c1a7ae27456d546e202b1c498e9337d42ce14 Mon Sep 17 00:00:00 2001 From: Jose Bollo Date: Fri, 15 Nov 2019 16:40:34 +0100 Subject: [PATCH] Use afb_token in contexts Tokens are now object used in the context. Bug-AGL: SPEC-2968 Change-Id: I107d31732202b7b1172afaf09f3a52470f050d7c Signed-off-by: Jose Bollo --- src/afb-api-dbus.c | 2 +- src/afb-auth.c | 2 +- src/afb-context.c | 2 +- src/afb-cred.c | 17 +++++++++++++---- src/afb-cred.h | 6 ++++-- src/afb-stub-ws.c | 2 +- src/afb-xreq.c | 2 +- 7 files changed, 22 insertions(+), 11 deletions(-) diff --git a/src/afb-api-dbus.c b/src/afb-api-dbus.c index 31606be6..76894caa 100644 --- a/src/afb-api-dbus.c +++ b/src/afb-api-dbus.c @@ -981,7 +981,7 @@ static int api_dbus_server_on_object_called(sd_bus_message *message, void *userd /* fulfill the request and emit it */ dreq->xreq.context.flags = flags; - dreq->xreq.cred = afb_cred_mixed_on_behalf_import(listener->origin->cred, uuid, creds && creds[0] ? creds : NULL); + dreq->xreq.cred = afb_cred_mixed_on_behalf_import(listener->origin->cred, &dreq->xreq.context, creds && creds[0] ? creds : NULL); dreq->message = sd_bus_message_ref(message); dreq->json = json_tokener_parse_verbose(dreq->request, &jerr); if (jerr != json_tokener_success) { diff --git a/src/afb-auth.c b/src/afb-auth.c index 90c8ddce..6747c9ee 100644 --- a/src/afb-auth.c +++ b/src/afb-auth.c @@ -62,7 +62,7 @@ int afb_auth_check(struct afb_xreq *xreq, const struct afb_auth *auth) int afb_auth_has_permission(struct afb_xreq *xreq, const char *permission) { - return afb_cred_has_permission(xreq->cred, permission, afb_context_uuid(&xreq->context)); + return afb_cred_has_permission(xreq->cred, permission, &xreq->context); } /*********************************************************************************/ diff --git a/src/afb-context.c b/src/afb-context.c index 4cc2e551..36adebae 100644 --- a/src/afb-context.c +++ b/src/afb-context.c @@ -107,7 +107,7 @@ void afb_context_disconnect(struct afb_context *context) const char *afb_context_uuid(struct afb_context *context) { - return context->session ? afb_session_uuid(context->session) : ""; + return context->session ? afb_session_uuid(context->session) : NULL; } void *afb_context_make(struct afb_context *context, int replace, void *(*make_value)(void *closure), void (*free_value)(void *item), void *closure) diff --git a/src/afb-cred.c b/src/afb-cred.c index 4639fa8e..b6d698e9 100644 --- a/src/afb-cred.c +++ b/src/afb-cred.c @@ -19,6 +19,7 @@ #include #include +#include #include #include #include @@ -27,6 +28,8 @@ #include #include "afb-cred.h" +#include "afb-context.h" +#include "afb-token.h" #include "verbose.h" @@ -219,7 +222,7 @@ struct afb_cred *afb_cred_import(const char *string) return cred; } -struct afb_cred *afb_cred_mixed_on_behalf_import(struct afb_cred *cred, const char *context, const char *exported) +struct afb_cred *afb_cred_mixed_on_behalf_import(struct afb_cred *cred, struct afb_context *context, const char *exported) { struct afb_cred *imported; @@ -236,6 +239,12 @@ struct afb_cred *afb_cred_mixed_on_behalf_import(struct afb_cred *cred, const ch return afb_cred_addref(cred); } +/*********************************************************************************/ +static const char *token_of_context(struct afb_context *context) +{ + return context && context->token ? afb_token_string(context->token) : "X"; +} + /*********************************************************************************/ #ifdef BACKEND_PERMISSION_IS_CYNARA @@ -245,7 +254,7 @@ struct afb_cred *afb_cred_mixed_on_behalf_import(struct afb_cred *cred, const ch static cynara *handle; static pthread_mutex_t mutex = PTHREAD_MUTEX_INITIALIZER; -int afb_cred_has_permission(struct afb_cred *cred, const char *permission, const char *context) +int afb_cred_has_permission(struct afb_cred *cred, const char *permission, struct afb_context *context) { int rc; @@ -272,7 +281,7 @@ int afb_cred_has_permission(struct afb_cred *cred, const char *permission, const } /* query cynara permission */ - rc = cynara_check(handle, cred->label, context ?: "", cred->user, permission); + rc = cynara_check(handle, cred->label, token_of_context(context), cred->user, permission); pthread_mutex_unlock(&mutex); return rc == CYNARA_API_ACCESS_ALLOWED; @@ -280,7 +289,7 @@ int afb_cred_has_permission(struct afb_cred *cred, const char *permission, const /*********************************************************************************/ #else -int afb_cred_has_permission(struct afb_cred *cred, const char *permission, const char *context) +int afb_cred_has_permission(struct afb_cred *cred, const char *permission, struct afb_context *context) { WARNING("Granting permission %s by default of backend", permission ?: "(null)"); return !!permission; diff --git a/src/afb-cred.h b/src/afb-cred.h index 1ebdf15d..82d0aacb 100644 --- a/src/afb-cred.h +++ b/src/afb-cred.h @@ -19,6 +19,8 @@ #include +struct afb_context; + struct afb_cred { int refcount; @@ -37,10 +39,10 @@ extern struct afb_cred *afb_cred_create_for_socket(int fd); extern struct afb_cred *afb_cred_addref(struct afb_cred *cred); extern void afb_cred_unref(struct afb_cred *cred); -extern int afb_cred_has_permission(struct afb_cred *cred, const char *permission, const char *context); +extern int afb_cred_has_permission(struct afb_cred *cred, const char *permission, struct afb_context *context); extern const char *afb_cred_export(struct afb_cred *cred); extern struct afb_cred *afb_cred_import(const char *string); -extern struct afb_cred *afb_cred_mixed_on_behalf_import(struct afb_cred *cred, const char *context, const char *exported); +extern struct afb_cred *afb_cred_mixed_on_behalf_import(struct afb_cred *cred, struct afb_context *context, const char *exported); diff --git a/src/afb-stub-ws.c b/src/afb-stub-ws.c index 3e9ede2f..40addd0b 100644 --- a/src/afb-stub-ws.c +++ b/src/afb-stub-ws.c @@ -530,7 +530,7 @@ static void server_on_call_cb(void *closure, struct afb_proto_ws_call *call, con afb_session_set_autoclose(wreq->xreq.context.session, 1); /* makes the call */ - wreq->xreq.cred = afb_cred_mixed_on_behalf_import(stubws->cred, sessionid, user_creds); + wreq->xreq.cred = afb_cred_mixed_on_behalf_import(stubws->cred, &wreq->xreq.context, user_creds); wreq->xreq.request.called_api = stubws->apiname; wreq->xreq.request.called_verb = verb; wreq->xreq.json = args; diff --git a/src/afb-xreq.c b/src/afb-xreq.c index 85427419..7621b801 100644 --- a/src/afb-xreq.c +++ b/src/afb-xreq.c @@ -320,7 +320,7 @@ static struct json_object *xreq_get_client_info_cb(struct afb_req_x2 *closure) json_object_object_add(r, "id", json_object_new_string(xreq->cred->id)); } if (xreq->context.session) { - json_object_object_add(r, "uuid", json_object_new_string(afb_context_uuid(&xreq->context))); + json_object_object_add(r, "uuid", json_object_new_string(afb_context_uuid(&xreq->context)?:"")); json_object_object_add(r, "LOA", json_object_new_int(afb_context_get_loa(&xreq->context))); } return r; -- 2.16.6