diff options
| author |   José Bollo <jose.bollo@iot.bzh> | 2019-11-29 11:12:31 +0100 |
|---|---|---|
| committer | José Bollo <jose.bollo@iot.bzh> | 2019-12-03 18:51:51 +0100 |
| commit | b70caad7da2eaea85db06dec8377b1cbebcec997 (patch) | |
| tree | 32e3cfa6b7da57ced019357d8f592b0d90dd7563 /src/afb-api-dbus.c | |
| parent | 98b214e0454f1b55c5ce665bd5c848354d18c9e6 (diff) | |
afb-context: Move credentials to context
The split between context and credentials
in requests was somehow artificial and awkward.
This change move the credentials to the context
and removes as many references to credentials
as possible in favor of working on contexts.
Change the value returned by afb_auth_check to be 1
if validated, 0 or less than zero if not validated.
Bug-AGL: SPEC-2968
Signed-off-by: José Bollo <jose.bollo@iot.bzh>
Change-Id: I979dc841e03247e126e3fa8433a1cc0d4108adf0
Diffstat (limited to 'src/afb-api-dbus.c')
| -rw-r--r-- | src/afb-api-dbus.c | 10 |
1 files changed, 6 insertions, 4 deletions
diff --git a/src/afb-api-dbus.c b/src/afb-api-dbus.c index 0ac4f499..04943c6e 100644 --- a/src/afb-api-dbus.c +++ b/src/afb-api-dbus.c @@ -682,6 +682,7 @@ static void init_origin_creds(struct origin *origin) gid_t gid; pid_t pid; const char *context; + struct afb_cred *ocred; rc = sd_bus_get_name_creds(origin->api->sdbus, origin->name, SD_BUS_CREDS_PID|SD_BUS_CREDS_UID|SD_BUS_CREDS_GID|SD_BUS_CREDS_SELINUX_CONTEXT, @@ -689,13 +690,14 @@ static void init_origin_creds(struct origin *origin) if (rc < 0) origin->cred = NULL; else { - afb_cred_unref(origin->cred); sd_bus_creds_get_uid(c, &uid); sd_bus_creds_get_gid(c, &gid); sd_bus_creds_get_pid(c, &pid); sd_bus_creds_get_selinux_context(c, &context); + ocred = origin->cred; origin->cred = afb_cred_create(uid, gid, pid, context); sd_bus_creds_unref(c); + afb_cred_unref(ocred); } } @@ -970,7 +972,7 @@ static int api_dbus_server_on_object_called(sd_bus_message *message, void *userd /* connect to the context */ afb_xreq_init(&dreq->xreq, &afb_api_dbus_xreq_itf); - if (afb_context_connect(&dreq->xreq.context, uuid, NULL) < 0) + if (afb_context_connect(&dreq->xreq.context, uuid, NULL, NULL) < 0) goto out_of_memory; session = dreq->xreq.context.session; @@ -980,8 +982,8 @@ static int api_dbus_server_on_object_called(sd_bus_message *message, void *userd goto out_of_memory; /* fulfill the request and emit it */ - dreq->xreq.context.flags = flags; - dreq->xreq.cred = afb_cred_mixed_on_behalf_import(listener->origin->cred, &dreq->xreq.context, creds && creds[0] ? creds : NULL); + afb_context_change_cred(&dreq->xreq.context, listener->origin->cred); + afb_context_on_behalf_import(&dreq->xreq.context, creds); dreq->message = sd_bus_message_ref(message); dreq->json = json_tokener_parse_verbose(dreq->request, &jerr); if (jerr != json_tokener_success) { |