From 354dfe503ca992a0233ae5c35350d7fd6d5521f6 Mon Sep 17 00:00:00 2001
From: José Bollo
Date: Fri, 29 Nov 2019 18:41:59 +0100
Subject: afb-perm: separate access to permission db
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Access to permission database is better handled in a separate file. It will afterward evolve to integrate cynagora.

Bug-AGL: SPEC-2968
Signed-off-by: José Bollo
Change-Id: Iebcd4e227e3e6c318029926499afb9d41d3f72c7
---
 src/afb-perm.c | 93 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 93 insertions(+)
 create mode 100644 src/afb-perm.c
(limited to 'src/afb-perm.c')

diff --git a/src/afb-perm.c b/src/afb-perm.c
new file mode 100644
index 00000000..e3fab4b6
--- /dev/null
+++ b/src/afb-perm.c
@@ -0,0 +1,93 @@
+/*
+ * Copyright (C) 2017-2019 "IoT.bzh"
+ * Author: José Bollo
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include
+
+#include "afb-context.h"
+#include "afb-cred.h"
+#include "afb-token.h"
+#include "afb-session.h"
+#include "verbose.h"
+
+/*********************************************************************************/
+
+static inline const char *session_of_context(struct afb_context *context)
+{
+ return context->token ? afb_token_string(context->token)
+ : context->session ? afb_session_uuid(context->session)
+ : "";
+}
+
+/*********************************************************************************/
+#ifdef BACKEND_PERMISSION_IS_CYNARA
+
+#include
+#include
+
+static cynara *handle;
+static pthread_mutex_t mutex = PTHREAD_MUTEX_INITIALIZER;
+
+int afb_perm_check(struct afb_context *context, const char *permission)
+{
+ int rc;
+
+ if (!context->credentials) {
+ /* case of permission for self */
+ return 1;
+ }
+ if (!permission) {
+ ERROR("Got a null permission!");
+ return 0;
+ }
+
+ /* cynara isn't reentrant */
+ pthread_mutex_lock(&mutex);
+
+ /* lazy initialisation */
+ if (!handle) {
+ rc = cynara_initialize(&handle, NULL);
+ if (rc != CYNARA_API_SUCCESS) {
+ handle = NULL;
+ ERROR("cynara initialisation failed with code %d", rc);
+ return 0;
+ }
+ }
+
+ /* query cynara permission */
+ rc = cynara_check(handle, context->credentials->label, session_of_context(context), context->credentials->user, permission);
+
+ pthread_mutex_unlock(&mutex);
+ return rc == CYNARA_API_ACCESS_ALLOWED;
+}
+/*********************************************************************************/
+#else
+int afb_perm_check(struct afb_context *context, const char *permission)
+{
+ NOTICE("Granting permission %s by default of backend", permission ?: "(null)");
+ return !!permission;
+}
+#endif
+
+void afb_perm_check_async(
+ struct afb_context *context,
+ const char *permission,
+ void (*callback)(void *closure, int status),
+ void *closure
+)
+{
+ callback(closure, afb_perm_check(context, permission));
+}
-- cgit
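Review bot: In the cynara build of afb_perm_check, the lazy-initialisation failure path returns while `mutex` is still held: after `ERROR("cynara initialisation failed with code %d", rc);` the function does `return 0;` without the matching `pthread_mutex_unlock(&mutex);`, so once cynara_initialize fails every later permission check blocks forever on `pthread_mutex_lock(&mutex)`. That exit should release the lock first, `pthread_mutex_unlock(&mutex); return 0;`, or the function should funnel both the failure and the normal path through a single unlock-and-return tail so the lock cannot be leaked again when the cynagora integration mentioned in the description is added. The `#else` backend grants any non-null permission and only records it at NOTICE; that reads as intentional for builds without a backend, but a short comment on that branch such as `/* no permission backend compiled in: not an enforcement path */` would keep it from being mistaken for one.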