aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJosé Bollo <jose.bollo@iot.bzh>2017-05-10 19:32:18 +0200
committerJosé Bollo <jose.bollo@iot.bzh>2017-05-11 15:29:50 +0200
commitb56b68b16b307df81eddf9705ead59198d75b7bd (patch)
tree91d64b43c216f612010d8add269adf9ec730d5bf
parent1d24a50bda149604760cdc1fd53f65b988c61f0c (diff)
Compiles for cynara if present
Change-Id: If8ef53f8a0a57bf6d19b0da3d13a7794a8d0eef9 Signed-off-by: José Bollo <jose.bollo@iot.bzh>
-rw-r--r--src/CMakeLists.txt9
-rw-r--r--src/afb-auth.c30
2 files changed, 31 insertions, 8 deletions
diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt
index 2f97fd1b..11d9542b 100644
--- a/src/CMakeLists.txt
+++ b/src/CMakeLists.txt
@@ -44,9 +44,14 @@ ENDIF(NOT HAVE_LIBMAGIC)
ADD_DEFINITIONS(-DUSE_MAGIC_MIME_TYPE)
PKG_CHECK_MODULES(libsystemd REQUIRED libsystemd>=222)
-PKG_CHECK_MODULES(libmicrohttpd REQUIRED libmicrohttpd>=0.9.48)
+PKG_CHECK_MODULES(libmicrohttpd REQUIRED libmicrohttpd>=0.9.54)
PKG_CHECK_MODULES(openssl REQUIRED openssl)
PKG_CHECK_MODULES(uuid REQUIRED uuid)
+PKG_CHECK_MODULES(cynara cynara-client)
+
+IF(cynara_FOUND)
+ ADD_DEFINITIONS(-DBACKEND_PERMISSION_IS_CYNARA)
+ENDIF(cynara_FOUND)
INCLUDE_DIRECTORIES(
${include_dirs}
@@ -54,6 +59,7 @@ INCLUDE_DIRECTORIES(
${libmicrohttpd_INCLUDE_DIRS}
${uuid_INCLUDE_DIRS}
${openssl_INCLUDE_DIRS}
+ ${cynara_INCLUDE_DIRS}
)
ADD_LIBRARY(afb-lib STATIC
@@ -107,6 +113,7 @@ TARGET_LINK_LIBRARIES(afb-daemon
${libmicrohttpd_LIBRARIES}
${uuid_LIBRARIES}
${openssl_LIBRARIES}
+ ${cynara_LIBRARIES}
-lmagic
-ldl
-lrt
diff --git a/src/afb-auth.c b/src/afb-auth.c
index fc62bd59..82e6fd21 100644
--- a/src/afb-auth.c
+++ b/src/afb-auth.c
@@ -26,6 +26,7 @@
#include "afb-auth.h"
#include "afb-context.h"
#include "afb-xreq.h"
+#include "afb-cred.h"
#include "verbose.h"
static int check_permission(const char *permission, struct afb_xreq *xreq);
@@ -60,29 +61,44 @@ int afb_auth_check(const struct afb_auth *auth, struct afb_xreq *xreq)
}
}
+/*********************************************************************************/
#ifdef BACKEND_PERMISSION_IS_CYNARA
+
+#include <pthread.h>
#include <cynara-client.h>
+
+static cynara *handle;
+static pthread_mutex_t mutex = PTHREAD_MUTEX_INITIALIZER;
+
static int check_permission(const char *permission, struct afb_xreq *xreq)
{
- static cynara *cynara;
- char uid[64];
int rc;
- if (!cynara) {
- rc = cynara_initialize(&cynara, NULL);
+ /* cynara isn't reentrant */
+ pthread_mutex_lock(&mutex);
+
+ /* lazy initialisation */
+ if (!handle) {
+ rc = cynara_initialize(&handle, NULL);
if (rc != CYNARA_API_SUCCESS) {
- cynara = NULL;
+ handle = NULL;
ERROR("cynara initialisation failed with code %d", rc);
return 0;
}
}
- rc = cynara_check(cynara, cred->label, afb_context_uuid(&xreq->context), xreq->cred->user, permission);
+
+ /* query cynara permission */
+ rc = cynara_check(handle, xreq->cred->label, afb_context_uuid(&xreq->context), xreq->cred->user, permission);
+
+ pthread_mutex_unlock(&mutex);
return rc == CYNARA_API_ACCESS_ALLOWED;
}
+
+/*********************************************************************************/
#else
static int check_permission(const char *permission, struct afb_xreq *xreq)
{
- WARNING("Granting permission %s by default", permission);
+ WARNING("Granting permission %s by default of backend", permission);
return 1;
}
#endif