diff options
-rw-r--r-- | src/afb-auth.c | 16 | ||||
-rw-r--r-- | src/afb-auth.h | 2 | ||||
-rw-r--r-- | src/afb-xreq.c | 2 |
3 files changed, 10 insertions, 10 deletions
diff --git a/src/afb-auth.c b/src/afb-auth.c index 900ec4c6..5c62f9f7 100644 --- a/src/afb-auth.c +++ b/src/afb-auth.c @@ -29,9 +29,9 @@ #include "afb-cred.h" #include "verbose.h" -static int check_permission(const char *permission, struct afb_xreq *xreq); +static int check_permission(struct afb_xreq *xreq, const char *permission); -int afb_auth_check(const struct afb_auth *auth, struct afb_xreq *xreq) +int afb_auth_check(struct afb_xreq *xreq, const struct afb_auth *auth) { switch (auth->type) { default: @@ -46,18 +46,18 @@ int afb_auth_check(const struct afb_auth *auth, struct afb_xreq *xreq) case afb_auth_Permission: if (xreq->cred && auth->text) - return check_permission(auth->text, xreq); + return check_permission(xreq, auth->text); /* TODO: handle case of self permission */ return 1; case afb_auth_Or: - return afb_auth_check(auth->first, xreq) || afb_auth_check(auth->next, xreq); + return afb_auth_check(xreq, auth->first) || afb_auth_check(xreq, auth->next); case afb_auth_And: - return afb_auth_check(auth->first, xreq) && afb_auth_check(auth->next, xreq); + return afb_auth_check(xreq, auth->first) && afb_auth_check(xreq, auth->next); case afb_auth_Not: - return !afb_auth_check(auth->first, xreq); + return !afb_auth_check(xreq, auth->first); case afb_auth_Yes: return 1; @@ -73,7 +73,7 @@ int afb_auth_check(const struct afb_auth *auth, struct afb_xreq *xreq) static cynara *handle; static pthread_mutex_t mutex = PTHREAD_MUTEX_INITIALIZER; -static int check_permission(const char *permission, struct afb_xreq *xreq) +static int check_permission(struct afb_xreq *xreq, const char *permission) { int rc; @@ -99,7 +99,7 @@ static int check_permission(const char *permission, struct afb_xreq *xreq) /*********************************************************************************/ #else -static int check_permission(const char *permission, struct afb_xreq *xreq) +static int check_permission(struct afb_xreq *xreq, const char *permission) { WARNING("Granting permission %s by default of backend", permission); return 1; diff --git a/src/afb-auth.h b/src/afb-auth.h index 75e5d56e..786f3970 100644 --- a/src/afb-auth.h +++ b/src/afb-auth.h @@ -20,4 +20,4 @@ struct afb_auth; struct afb_xreq; -extern int afb_auth_check(const struct afb_auth *auth, struct afb_xreq *xreq); +extern int afb_auth_check(struct afb_xreq *xreq, const struct afb_auth *auth); diff --git a/src/afb-xreq.c b/src/afb-xreq.c index d021c528..8c7a38d5 100644 --- a/src/afb-xreq.c +++ b/src/afb-xreq.c @@ -823,7 +823,7 @@ static int xreq_session_check_apply_v2(struct afb_xreq *xreq, uint32_t sessionfl return -1; } - if (auth && !afb_auth_check(auth, xreq)) { + if (auth && !afb_auth_check(xreq, auth)) { afb_xreq_fail_f(xreq, "denied", "authorisation refused"); errno = EPERM; return -1; |