From 221ce7e7ff1bd1a0c9995fa9d32f58e865f7207f Mon Sep 17 00:00:00 2001
From: Hans Dedecker
Date: Wed, 3 Oct 2018 15:36:18 +0200
Subject: ubusd_acl: event send access list support

Adds event send access list support in ubus via the "send" keyword

Example of a json file:
{ "user": "superuser", "send": [ "wireless.*" ], }

Signed-off-by: Koen Dergent
Signed-off-by: Hans Dedecker
---
 ubusd_acl.c | 20 ++++++++++++++++++++
 ubusd_acl.h | 1 +
 ubusd_event.c | 3 +++
 3 files changed, 24 insertions(+)

diff --git a/ubusd_acl.c b/ubusd_acl.c
index 992d0ea..6257f81 100644
--- a/ubusd_acl.c
+++ b/ubusd_acl.c
@@ -52,6 +52,7 @@ struct ubusd_acl_obj {
 bool subscribe;
 bool publish;
 bool listen;
+ bool send;
 };

 struct ubusd_acl_file {
@@ -138,6 +139,11 @@ ubusd_acl_check(struct ubus_client *cl, const char *obj,
 return 0;
 break;

+ case UBUS_ACL_SEND:
+ if (acl->send)
+ return 0;
+ break;
+
 case UBUS_ACL_ACCESS:
 if (acl->methods) {
 struct blob_attr *cur;
@@ -292,6 +298,13 @@ static void ubusd_acl_add_listen(struct ubusd_acl_file *file, const char *obj)
 o->listen = true;
 }

+static void ubusd_acl_add_send(struct ubusd_acl_file *file, const char *obj)
+{
+ struct ubusd_acl_obj *o = ubusd_acl_alloc_obj(file, obj);
+
+ o->send = true;
+}
+
 enum {
 ACL_USER,
 ACL_GROUP,
@@ -300,6 +313,7 @@ enum {
 ACL_SUBSCRIBE,
 ACL_INHERIT,
 ACL_LISTEN,
+ ACL_SEND,
 __ACL_MAX
 };

@@ -311,6 +325,7 @@ static const struct blobmsg_policy acl_policy[__ACL_MAX] = {
 [ACL_SUBSCRIBE] = { .name = "subscribe", .type = BLOBMSG_TYPE_ARRAY },
 [ACL_INHERIT] = { .name = "inherit", .type = BLOBMSG_TYPE_ARRAY },
 [ACL_LISTEN] = { .name= "listen", .type = BLOBMSG_TYPE_ARRAY },
+ [ACL_SEND] = { .name= "send", .type = BLOBMSG_TYPE_ARRAY },
 };

 static void
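Review bot: In ubusd_acl_add_send the pointer returned by ubusd_acl_alloc_obj is dereferenced without a check, so if that allocator can return NULL (its body is not in this diff) a failed allocation while loading an ACL file would crash the daemon instead of just dropping the grant. Guarding the store, `if (o) o->send = true;`, keeps the failure closed: the entry is simply not granted. The existing ubusd_acl_add_listen shown as context has the same shape, so the two could be fixed together.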
@@ -347,6 +362,11 @@ ubusd_acl_file_add(struct ubusd_acl_file *file)
 blobmsg_for_each_attr(cur, tb[ACL_LISTEN], rem)
 if (blobmsg_type(cur) == BLOBMSG_TYPE_STRING)
 ubusd_acl_add_listen(file, blobmsg_get_string(cur));
+
+ if (tb[ACL_SEND])
+ blobmsg_for_each_attr(cur, tb[ACL_SEND], rem)
+ if (blobmsg_type(cur) == BLOBMSG_TYPE_STRING)
+ ubusd_acl_add_send(file, blobmsg_get_string(cur));
 }

 static void
diff --git a/ubusd_acl.h b/ubusd_acl.h
index a6a6a30..11c8117 100644
--- a/ubusd_acl.h
+++ b/ubusd_acl.h
@@ -19,6 +19,7 @@ enum ubusd_acl_type {
 UBUS_ACL_SUBSCRIBE,
 UBUS_ACL_ACCESS,
 UBUS_ACL_LISTEN,
+ UBUS_ACL_SEND,
 };

 int ubusd_acl_check(struct ubus_client *cl, const char *obj, const char *method, enum ubusd_acl_type type);
diff --git a/ubusd_event.c b/ubusd_event.c
index 6e612a1..712e704 100644
--- a/ubusd_event.c
+++ b/ubusd_event.c
@@ -142,6 +142,9 @@ int ubusd_send_event(struct ubus_client *cl, const char *id,
 struct event_source *ev;
 int match_len = 0;

+ if (ubusd_acl_check(cl, id, NULL, UBUS_ACL_SEND))
+ return UBUS_STATUS_PERMISSION_DENIED;
+
 obj_event_seq++;

 /*
--
cgit v1.2.1
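Review bot: In ubusd_acl_file_add the new loop hands every string element of the "send" array to ubusd_acl_add_send unchanged, including an empty string, and skips non-string elements without any diagnostic. How ubusd_acl_alloc_obj treats a zero-length pattern is not visible in this diff, so rejecting it before the call is the safer choice: `if (blobmsg_type(cur) == BLOBMSG_TYPE_STRING && blobmsg_get_string(cur)[0])`. A silently ignored entry also means a typo in an ACL file shows up only as a later permission failure, so a warning on skipped elements would help operators. The function begins outside the hunk.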
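Review bot: The new guard at the top of ubusd_send_event makes event sending default-deny for every client that ubusd_acl_check does not exempt, and nothing in the hunk documents that. A comment above the check such as `/* senders need a matching "send" ACL entry for this event id */` would make the contract clear. Existing ACL files with no "send" array will presumably start getting UBUS_STATUS_PERMISSION_DENIED, which is worth stating in the ACL documentation. How ubusd_acl_check treats a NULL cl or a NULL id is not visible here, so any caller that can pass either should be checked against it. The function body continues outside the hunk.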