author | José Bollo <jose.bollo@iot.bzh> | 2019-11-29 11:12:31 +0100 |
---|---|---|
committer | José Bollo <jose.bollo@iot.bzh> | 2019-12-03 18:51:51 +0100 |
commit | b70caad7da2eaea85db06dec8377b1cbebcec997 (patch) | |
tree | 32e3cfa6b7da57ced019357d8f592b0d90dd7563 /src/afb-auth.c | |
parent | 98b214e0454f1b55c5ce665bd5c848354d18c9e6 (diff) |
afb-context: Move credentials to context
The split between context and credentials
in requests was somehow artificial and awkward.
This change moves the credentials to the context
and removes as many references to credentials
as possible in favor of working on contexts.
Change the value returned by afb_auth_check to be 1
if validated, 0 or less than zero if not validated.
Bug-AGL: SPEC-2968
Signed-off-by: José Bollo <jose.bollo@iot.bzh>
Change-Id: I979dc841e03247e126e3fa8433a1cc0d4108adf0
Diffstat (limited to 'src/afb-auth.c')
-rw-r--r-- | src/afb-auth.c | 29 |
1 files changed, 12 insertions, 17 deletions
diff --git a/src/afb-auth.c b/src/afb-auth.c
index 01412128..3606b3cb 100644
--- a/src/afb-auth.c
+++ b/src/afb-auth.c
@@ -30,10 +30,9 @@
 #include "afb-auth.h"
 #include "afb-context.h"
 #include "afb-xreq.h"
-#include "afb-cred.h"
 #include "verbose.h"
-int afb_auth_check(struct afb_xreq *xreq, const struct afb_auth *auth)
+int afb_auth_check(struct afb_context *context, const struct afb_auth *auth)
 {
 switch (auth->type) {
 default:
@@ -41,39 +40,35 @@ int afb_auth_check(struct afb_xreq *xreq, const struct afb_auth *auth)
 return 0;
 case afb_auth_Token:
- return afb_context_check(&xreq->context);
+ return afb_context_check(context);
 case afb_auth_LOA:
- return afb_context_check_loa(&xreq->context, auth->loa);
+ return afb_context_check_loa(context, auth->loa);
 case afb_auth_Permission:
- return afb_auth_has_permission(xreq, auth->text);
+ return afb_context_has_permission(context, auth->text);
 case afb_auth_Or:
- return afb_auth_check(xreq, auth->first) || afb_auth_check(xreq, auth->next);
+ return afb_auth_check(context, auth->first) || afb_auth_check(context, auth->next);
 case afb_auth_And:
- return afb_auth_check(xreq, auth->first) && afb_auth_check(xreq, auth->next);
+ return afb_auth_check(context, auth->first) && afb_auth_check(context, auth->next);
 case afb_auth_Not:
- return !afb_auth_check(xreq, auth->first);
+ return !afb_auth_check(context, auth->first);
 case afb_auth_Yes:
 return 1;
 }
 }
-int afb_auth_has_permission(struct afb_xreq *xreq, const char *permission)
-{
- return afb_cred_has_permission(xreq->cred, permission, &xreq->context);
-}
 #if WITH_LEGACY_BINDING_V1
 int afb_auth_check_and_set_session_x1(struct afb_xreq *xreq, int sessionflags)
 {
 int loa;
- if ((sessionflags & (AFB_SESSION_CLOSE_X1|AFB_SESSION_RENEW_X1|AFB_SESSION_CHECK_X1|AFB_SESSION_LOA_EQ_X1)) != 0) {
+ if ((sessionflags & (AFB_SESSION_CLOSE_X1|AFB_SESSION_CHECK_X1|AFB_SESSION_LOA_EQ_X1)) != 0) {
 if (!afb_context_check(&xreq->context)) {
 afb_context_close(&xreq->context);
 return afb_xreq_reply_invalid_token(xreq);
@@ -97,11 +92,11 @@ int afb_auth_check_and_set_session_x1(struct afb_xreq *xreq, int sessionflags)
 afb_context_close(&xreq->context);
 }
- return 0;
+ return 1;
 }
 #endif
-int afb_auth_check_and_set_session_x2(struct afb_xreq *xreq, uint32_t sessionflags, const struct afb_auth *auth)
+int afb_auth_check_and_set_session_x2(struct afb_xreq *xreq, const struct afb_auth *auth, uint32_t sessionflags)
 {
 int loa;
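Review bot: The `afb_auth_Or` and `afb_auth_And` cases combine sub-results with `||` and `&&`, which treat any non-zero value as true, yet the commit message defines the new contract as 1 for validated and 0 or a negative value for not validated. If `afb_context_check`, `afb_context_check_loa` or `afb_context_has_permission` can return a negative error (their bodies are not in this diff), that error becomes 1 here and the request is authorised. Comparing explicitly closes that, e.g. `return afb_auth_check(context, auth->first) > 0 || afb_auth_check(context, auth->next) > 0;` (same for `&&`), and the caller in the last hunk should become `if (auth && afb_auth_check(&xreq->context, auth) <= 0)`. Separately, dropping `AFB_SESSION_RENEW_X1` from the mask means a verb declared with only that flag no longer reaches `afb_context_check`; the rest of that function is outside the hunk, so please confirm this is intended.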
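Review bot: The success value flips from 0 to 1 in `afb_auth_check_and_set_session_x1` (and in `afb_auth_check_and_set_session_x2` in the last hunk), but nothing documents what the rejection paths return: they pass through the result of `afb_xreq_reply_invalid_token` / `afb_xreq_reply_insufficient_scope`, which is not visible in this diff. A caller testing for a positive value is only safe if those helpers never return one, so I would state the contract above both functions, e.g. `/* returns 1 when the request may proceed, 0 or a negative value when it was rejected */`, and check the helpers against it. The body of the x1 function starts outside this hunk.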
@@ -116,13 +111,13 @@ int afb_auth_check_and_set_session_x2(struct afb_xreq *xreq, uint32_t sessionfla
 if (loa && !afb_context_check_loa(&xreq->context, loa))
 return afb_xreq_reply_insufficient_scope(xreq, "invalid LOA");
- if (auth && !afb_auth_check(xreq, auth))
+ if (auth && !afb_auth_check(&xreq->context, auth))
 return afb_xreq_reply_insufficient_scope(xreq, NULL /* TODO */);
 if ((sessionflags & AFB_SESSION_CLOSE_X2) != 0)
 afb_context_close(&xreq->context);
- return 0;
+ return 1;
 }
 /*********************************************************************************/ |