aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJosé Bollo <jose.bollo@iot.bzh>2017-09-04 10:34:52 +0200
committerJosé Bollo <jose.bollo@iot.bzh>2017-09-07 09:43:13 +0200
commit91c12808e08fb30e58a3d2e008569933f409d6db (patch)
treef4b94b1b5aa2ebf323aeb9e97d0b3cb0fad1dfc8
parent2f0f452807a35a01d879659adb217e1d9234585d (diff)
afb-auth: improve afb_auth_check_permission
The test was previously done in the caller but because afb_auth_check_permission can now be called by other callers, the test must be relocated. Change-Id: I08a3a92afbe0b4dcfb223335b1e76b2d4aff005f Signed-off-by: José Bollo <jose.bollo@iot.bzh>
-rw-r--r--src/afb-auth.c18
1 files changed, 12 insertions, 6 deletions
diff --git a/src/afb-auth.c b/src/afb-auth.c
index 17d355b0..ff4ff9da 100644
--- a/src/afb-auth.c
+++ b/src/afb-auth.c
@@ -43,10 +43,7 @@ int afb_auth_check(struct afb_xreq *xreq, const struct afb_auth *auth)
return afb_context_check_loa(&xreq->context, auth->loa);
case afb_auth_Permission:
- if (xreq->cred && auth->text)
- return afb_auth_check_permission(xreq, auth->text);
- /* TODO: handle case of self permission */
- return 1;
+ return afb_auth_check_permission(xreq, auth->text);
case afb_auth_Or:
return afb_auth_check(xreq, auth->first) || afb_auth_check(xreq, auth->next);
@@ -75,6 +72,15 @@ int afb_auth_check_permission(struct afb_xreq *xreq, const char *permission)
{
int rc;
+ if (!xreq->cred) {
+ /* case of permission for self */
+ return 1;
+ }
+ if (!permission) {
+ ERROR("Got a null permission!");
+ return 0;
+ }
+
/* cynara isn't reentrant */
pthread_mutex_lock(&mutex);
@@ -99,8 +105,8 @@ int afb_auth_check_permission(struct afb_xreq *xreq, const char *permission)
#else
int afb_auth_check_permission(struct afb_xreq *xreq, const char *permission)
{
- WARNING("Granting permission %s by default of backend", permission);
- return 1;
+ WARNING("Granting permission %s by default of backend", permission ?: "(null)");
+ return !!permission;
}
#endif