From da503db6603732ddee39b4b252d21463bfcefbbc Mon Sep 17 00:00:00 2001
From: Hans Dedecker <dedeckeh@gmail.com>
Date: Wed, 3 Oct 2018 15:36:17 +0200
Subject: ubusd_acl: event listen access list support

Adds event listen access list support in ubus via the "listen" keyword

Example of a json file:

{
    "user": "superuser",
    "listen": [ "network.*" ],
}

Signed-off-by: Koen Dergent <koen.cj.dergent@gmail.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
---
 ubusd_acl.c | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

(limited to 'ubusd_acl.c')

diff --git a/ubusd_acl.c b/ubusd_acl.c
index fc11993..992d0ea 100644
--- a/ubusd_acl.c
+++ b/ubusd_acl.c
@@ -51,6 +51,7 @@ struct ubusd_acl_obj {
 	struct blob_attr *priv;
 	bool subscribe;
 	bool publish;
+	bool listen;
 };
 
 struct ubusd_acl_file {
@@ -132,6 +133,11 @@ ubusd_acl_check(struct ubus_client *cl, const char *obj,
 				return 0;
 			break;
 
+		case UBUS_ACL_LISTEN:
+			if (acl->listen)
+				return 0;
+			break;
+
 		case UBUS_ACL_ACCESS:
 			if (acl->methods) {
 				struct blob_attr *cur;
@@ -279,6 +285,13 @@ ubusd_acl_add_publish(struct ubusd_acl_file *file, const char *obj)
 	o->publish = true;
 }
 
+static void ubusd_acl_add_listen(struct ubusd_acl_file *file, const char *obj)
+{
+	struct ubusd_acl_obj *o = ubusd_acl_alloc_obj(file, obj);
+
+	o->listen = true;
+}
+
 enum {
 	ACL_USER,
 	ACL_GROUP,
@@ -286,6 +299,7 @@ enum {
 	ACL_PUBLISH,
 	ACL_SUBSCRIBE,
 	ACL_INHERIT,
+	ACL_LISTEN,
 	__ACL_MAX
 };
 
@@ -296,6 +310,7 @@ static const struct blobmsg_policy acl_policy[__ACL_MAX] = {
 	[ACL_PUBLISH] = { .name = "publish", .type = BLOBMSG_TYPE_ARRAY },
 	[ACL_SUBSCRIBE] = { .name = "subscribe", .type = BLOBMSG_TYPE_ARRAY },
 	[ACL_INHERIT] = { .name = "inherit", .type = BLOBMSG_TYPE_ARRAY },
+	[ACL_LISTEN] = { .name= "listen", .type = BLOBMSG_TYPE_ARRAY },
 };
 
 static void
@@ -327,6 +342,11 @@ ubusd_acl_file_add(struct ubusd_acl_file *file)
 		blobmsg_for_each_attr(cur, tb[ACL_PUBLISH], rem)
 			if (blobmsg_type(cur) == BLOBMSG_TYPE_STRING)
 				ubusd_acl_add_publish(file, blobmsg_get_string(cur));
+
+	if (tb[ACL_LISTEN])
+		blobmsg_for_each_attr(cur, tb[ACL_LISTEN], rem)
+			if (blobmsg_type(cur) == BLOBMSG_TYPE_STRING)
+				ubusd_acl_add_listen(file, blobmsg_get_string(cur));
 }
 
 static void
-- 
cgit v1.2.1