authorHans Dedecker <dedeckeh@gmail.com>2018-10-03 15:36:17 +0200
committerHans Dedecker <dedeckeh@gmail.com>2018-10-06 20:39:34 +0200
commitda503db6603732ddee39b4b252d21463bfcefbbc (patch)
treeb247905832d1cb6f536744e178f2efce7449f6b3
parentc035bab01ccbd9efd21d4a3bc9eceb438729e15d (diff)
downloadubus-da503db6603732ddee39b4b252d21463bfcefbbc.tar.gz
ubusd_acl: event listen access list support
Adds event listen access list support in ubus via the "listen" keyword. Example of a JSON file: { "user": "superuser", "listen": [ "network.*" ], } Signed-off-by: Koen Dergent <koen.cj.dergent@gmail.com> Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
-rw-r--r--ubusd_acl.c20
-rw-r--r--ubusd_acl.h1
-rw-r--r--ubusd_event.c3
3 files changed, 24 insertions, 0 deletions
diff --git a/ubusd_acl.c b/ubusd_acl.c
index fc11993..992d0ea 100644
--- a/ubusd_acl.c
+++ b/ubusd_acl.c
@@ -51,6 +51,7 @@ struct ubusd_acl_obj {
struct blob_attr *priv;
bool subscribe;
bool publish;
+ bool listen;
};
struct ubusd_acl_file {
@@ -132,6 +133,11 @@ ubusd_acl_check(struct ubus_client *cl, const char *obj,
return 0;
break;
+ case UBUS_ACL_LISTEN:
+ if (acl->listen)
+ return 0;
+ break;
+
case UBUS_ACL_ACCESS:
if (acl->methods) {
struct blob_attr *cur;
@@ -279,6 +285,13 @@ ubusd_acl_add_publish(struct ubusd_acl_file *file, const char *obj)
o->publish = true;
}
+static void ubusd_acl_add_listen(struct ubusd_acl_file *file, const char *obj)
+{
+ struct ubusd_acl_obj *o = ubusd_acl_alloc_obj(file, obj);
+
+ o->listen = true;
+}
+
enum {
ACL_USER,
ACL_GROUP,
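Review bot: `o` is dereferenced without a NULL check in ubusd_acl_add_listen; if ubusd_acl_alloc_obj can fail (its body is not in this hunk), a failed allocation while loading an ACL file would crash the daemon. `if (o) o->listen = true;` would avoid that, and the ubusd_acl_add_publish context line above follows the same pattern. As a style point, the other definitions visible in this file put the return type on its own line (`static void`, then the function name), which this one does not.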
@@ -286,6 +299,7 @@ enum {
ACL_PUBLISH,
ACL_SUBSCRIBE,
ACL_INHERIT,
+ ACL_LISTEN,
__ACL_MAX
};
@@ -296,6 +310,7 @@ static const struct blobmsg_policy acl_policy[__ACL_MAX] = {
[ACL_PUBLISH] = { .name = "publish", .type = BLOBMSG_TYPE_ARRAY },
[ACL_SUBSCRIBE] = { .name = "subscribe", .type = BLOBMSG_TYPE_ARRAY },
[ACL_INHERIT] = { .name = "inherit", .type = BLOBMSG_TYPE_ARRAY },
+ [ACL_LISTEN] = { .name= "listen", .type = BLOBMSG_TYPE_ARRAY },
};
static void
@@ -327,6 +342,11 @@ ubusd_acl_file_add(struct ubusd_acl_file *file)
blobmsg_for_each_attr(cur, tb[ACL_PUBLISH], rem)
if (blobmsg_type(cur) == BLOBMSG_TYPE_STRING)
ubusd_acl_add_publish(file, blobmsg_get_string(cur));
+
+ if (tb[ACL_LISTEN])
+ blobmsg_for_each_attr(cur, tb[ACL_LISTEN], rem)
+ if (blobmsg_type(cur) == BLOBMSG_TYPE_STRING)
+ ubusd_acl_add_listen(file, blobmsg_get_string(cur));
}
static void
diff --git a/ubusd_acl.h b/ubusd_acl.h
index c5dfd8a..a6a6a30 100644
--- a/ubusd_acl.h
+++ b/ubusd_acl.h
@@ -18,6 +18,7 @@ enum ubusd_acl_type {
UBUS_ACL_PUBLISH,
UBUS_ACL_SUBSCRIBE,
UBUS_ACL_ACCESS,
+ UBUS_ACL_LISTEN,
};
int ubusd_acl_check(struct ubus_client *cl, const char *obj, const char *method, enum ubusd_acl_type type);
diff --git a/ubusd_event.c b/ubusd_event.c
index f07f826..6e612a1 100644
--- a/ubusd_event.c
+++ b/ubusd_event.c
@@ -88,6 +88,9 @@ static int ubusd_alloc_event_pattern(struct ubus_client *cl, struct blob_attr *m
len--;
}
+ if (pattern[0] && ubusd_acl_check(cl, pattern, NULL, UBUS_ACL_LISTEN))
+ return UBUS_STATUS_PERMISSION_DENIED;
+
ev = calloc(1, sizeof(*ev) + len + 1);
if (!ev)
return UBUS_STATUS_NO_DATA;
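Review bot: The `pattern[0] &&` guard lets an empty pattern skip the listen ACL check entirely. The `len--` just above suggests a trailing `*` has been stripped by this point (that code is outside the hunk), so a bare `*` registration would presumably arrive here as an empty string and subscribe an unprivileged client to every event without any `listen` entry. If that is intended, say so in a comment; otherwise run the check unconditionally, `if (ubusd_acl_check(cl, pattern, NULL, UBUS_ACL_LISTEN))`, after confirming that ubusd_acl_check matches an empty object name only against a catch-all ACL entry. The check also appears to see only the stripped prefix, so it is worth verifying whether an exact-match `listen` entry can authorise a wildcard registration. ubusd_alloc_event_pattern starts and ends outside the hunk.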