author | José Bollo <jose.bollo@iot.bzh> | 2019-11-29 18:41:59 +0100 |
committer | José Bollo <jose.bollo@iot.bzh> | 2019-12-03 18:51:51 +0100 |
commit | 354dfe503ca992a0233ae5c35350d7fd6d5521f6 (patch) | |
tree | b66bcec899d7c2f4572a5b6465193f0e21271ef1 /src/afb-perm.c | |
parent | 36094f94483ab8ea878d64020983eb8416a33ae2 (diff) |
afb-perm: separate access to permission db
Access to permission database is better handled
in a separate file. It will afterward evolve to
integrate cynagora.
Bug-AGL: SPEC-2968
Signed-off-by: José Bollo <jose.bollo@iot.bzh>
Change-Id: Iebcd4e227e3e6c318029926499afb9d41d3f72c7
Diffstat (limited to 'src/afb-perm.c')
-rw-r--r-- | src/afb-perm.c | 93 |
1 files changed, 93 insertions, 0 deletions
diff --git a/src/afb-perm.c b/src/afb-perm.c
new file mode 100644
index 00000000..e3fab4b6
--- /dev/null
+++ b/src/afb-perm.c
@@ -0,0 +1,93 @@
+/*
+ * Copyright (C) 2017-2019 "IoT.bzh"
+ * Author: José Bollo <jose.bollo@iot.bzh>
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <stdint.h>
+
+#include "afb-context.h"
+#include "afb-cred.h"
+#include "afb-token.h"
+#include "afb-session.h"
+#include "verbose.h"
+
+/*********************************************************************************/
+
+static inline const char *session_of_context(struct afb_context *context)
+{
+ return context->token ? afb_token_string(context->token)
+ : context->session ? afb_session_uuid(context->session)
+ : "";
+}
+
+/*********************************************************************************/
+#ifdef BACKEND_PERMISSION_IS_CYNARA
+
+#include <pthread.h>
+#include <cynara-client.h>
+
+static cynara *handle;
+static pthread_mutex_t mutex = PTHREAD_MUTEX_INITIALIZER;
+
+int afb_perm_check(struct afb_context *context, const char *permission)
+{
+ int rc;
+
+ if (!context->credentials) {
+ /* case of permission for self */
+ return 1;
+ }
+ if (!permission) {
+ ERROR("Got a null permission!");
+ return 0;
+ }
+
+ /* cynara isn't reentrant */
+ pthread_mutex_lock(&mutex);
+
+ /* lazy initialisation */
+ if (!handle) {
+ rc = cynara_initialize(&handle, NULL);
+ if (rc != CYNARA_API_SUCCESS) {
+ handle = NULL;
+ ERROR("cynara initialisation failed with code %d", rc);
+ return 0;
+ }
+ }
+
+ /* query cynara permission */
+ rc = cynara_check(handle, context->credentials->label, session_of_context(context), context->credentials->user, permission);
+
+ pthread_mutex_unlock(&mutex);
+ return rc == CYNARA_API_ACCESS_ALLOWED;
+}
+/*********************************************************************************/
+#else
+int afb_perm_check(struct afb_context *context, const char *permission)
+{
+ NOTICE("Granting permission %s by default of backend", permission ?: "(null)");
+ return !!permission;
+}
+#endif
+
+void afb_perm_check_async(
+ struct afb_context *context,
+ const char *permission,
+ void (*callback)(void *closure, int status),
+ void *closure
+)
+{
+ callback(closure, afb_perm_check(context, permission));
+}
|
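Review bot: In the BACKEND_PERMISSION_IS_CYNARA version of afb_perm_check, the `return 0;` inside the `if (rc != CYNARA_API_SUCCESS)` branch leaves `mutex` locked, so once cynara initialisation fails every later permission check blocks forever on `pthread_mutex_lock(&mutex)`; the branch needs `pthread_mutex_unlock(&mutex);` before `return 0;` (or a single unlock-and-return exit path shared with the success case). The early `return 1` for a context without credentials and the `return 0` for a null permission are taken before the lock, so they are fine. Separately, the `#else` backend grants any non-null permission with only a NOTICE, which is fail-open by construction; a one-line comment above it such as `/* no permission backend compiled in: every named permission is granted */` would make that explicit to anyone reading a non-cynara build.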