diff options
| author |   José Bollo <jose.bollo@iot.bzh> | 2017-05-10 19:32:18 +0200 |
|---|---|---|
| committer | José Bollo <jose.bollo@iot.bzh> | 2017-05-11 15:29:50 +0200 |
| commit | b56b68b16b307df81eddf9705ead59198d75b7bd (patch) | |
| tree | 91d64b43c216f612010d8add269adf9ec730d5bf | |
| parent | 1d24a50bda149604760cdc1fd53f65b988c61f0c (diff) | |
Compiles for cynara if present
Change-Id: If8ef53f8a0a57bf6d19b0da3d13a7794a8d0eef9
Signed-off-by: José Bollo <jose.bollo@iot.bzh>
| -rw-r--r-- | src/CMakeLists.txt | 9 | ||||
| -rw-r--r-- | src/afb-auth.c | 30 |
2 files changed, 31 insertions, 8 deletions
diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index 2f97fd1b..11d9542b 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -44,9 +44,14 @@ ENDIF(NOT HAVE_LIBMAGIC) ADD_DEFINITIONS(-DUSE_MAGIC_MIME_TYPE) PKG_CHECK_MODULES(libsystemd REQUIRED libsystemd>=222) -PKG_CHECK_MODULES(libmicrohttpd REQUIRED libmicrohttpd>=0.9.48) +PKG_CHECK_MODULES(libmicrohttpd REQUIRED libmicrohttpd>=0.9.54) PKG_CHECK_MODULES(openssl REQUIRED openssl) PKG_CHECK_MODULES(uuid REQUIRED uuid) +PKG_CHECK_MODULES(cynara cynara-client) + +IF(cynara_FOUND) + ADD_DEFINITIONS(-DBACKEND_PERMISSION_IS_CYNARA) +ENDIF(cynara_FOUND) INCLUDE_DIRECTORIES( ${include_dirs} @@ -54,6 +59,7 @@ INCLUDE_DIRECTORIES( ${libmicrohttpd_INCLUDE_DIRS} ${uuid_INCLUDE_DIRS} ${openssl_INCLUDE_DIRS} + ${cynara_INCLUDE_DIRS} ) ADD_LIBRARY(afb-lib STATIC @@ -107,6 +113,7 @@ TARGET_LINK_LIBRARIES(afb-daemon ${libmicrohttpd_LIBRARIES} ${uuid_LIBRARIES} ${openssl_LIBRARIES} + ${cynara_LIBRARIES} -lmagic -ldl -lrt diff --git a/src/afb-auth.c b/src/afb-auth.c index fc62bd59..82e6fd21 100644 --- a/src/afb-auth.c +++ b/src/afb-auth.c @@ -26,6 +26,7 @@ #include "afb-auth.h" #include "afb-context.h" #include "afb-xreq.h" +#include "afb-cred.h" #include "verbose.h" static int check_permission(const char *permission, struct afb_xreq *xreq); @@ -60,29 +61,44 @@ int afb_auth_check(const struct afb_auth *auth, struct afb_xreq *xreq) } } +/*********************************************************************************/ #ifdef BACKEND_PERMISSION_IS_CYNARA + +#include <pthread.h> #include <cynara-client.h> + +static cynara *handle; +static pthread_mutex_t mutex = PTHREAD_MUTEX_INITIALIZER; + static int check_permission(const char *permission, struct afb_xreq *xreq) { - static cynara *cynara; - char uid[64]; int rc; - if (!cynara) { - rc = cynara_initialize(&cynara, NULL); + /* cynara isn't reentrant */ + pthread_mutex_lock(&mutex); + + /* lazy initialisation */ + if (!handle) { + rc = cynara_initialize(&handle, NULL); if (rc != CYNARA_API_SUCCESS) { - cynara = NULL; + handle = NULL; ERROR("cynara initialisation failed with code %d", rc); return 0; } } - rc = cynara_check(cynara, cred->label, afb_context_uuid(&xreq->context), xreq->cred->user, permission); + + /* query cynara permission */ + rc = cynara_check(handle, xreq->cred->label, afb_context_uuid(&xreq->context), xreq->cred->user, permission); + + pthread_mutex_unlock(&mutex); return rc == CYNARA_API_ACCESS_ALLOWED; } + +/*********************************************************************************/ #else static int check_permission(const char *permission, struct afb_xreq *xreq) { - WARNING("Granting permission %s by default", permission); + WARNING("Granting permission %s by default of backend", permission); return 1; } #endif |