ubusd_acl: event send access list support
Adds event send access list support in ubus via the "send" keyword. Example of a JSON file: { "user": "superuser", "send": [ "wireless.*" ], } Signed-off-by: Koen Dergent <koen.cj.dergent@gmail.com> Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
parent
da503db660
commit
221ce7e7ff
3 changed files with 24 additions and 0 deletions
20
ubusd_acl.c
20
ubusd_acl.c
|
@ -52,6 +52,7 @@ struct ubusd_acl_obj {
|
|||
bool subscribe;
|
||||
bool publish;
|
||||
bool listen;
|
||||
bool send;
|
||||
};
|
||||
|
||||
struct ubusd_acl_file {
|
||||
|
@ -138,6 +139,11 @@ ubusd_acl_check(struct ubus_client *cl, const char *obj,
|
|||
return 0;
|
||||
break;
|
||||
|
||||
case UBUS_ACL_SEND:
|
||||
if (acl->send)
|
||||
return 0;
|
||||
break;
|
||||
|
||||
case UBUS_ACL_ACCESS:
|
||||
if (acl->methods) {
|
||||
struct blob_attr *cur;
|
||||
|
@ -292,6 +298,13 @@ static void ubusd_acl_add_listen(struct ubusd_acl_file *file, const char *obj)
|
|||
o->listen = true;
|
||||
}
|
||||
|
||||
static void ubusd_acl_add_send(struct ubusd_acl_file *file, const char *obj)
|
||||
{
|
||||
struct ubusd_acl_obj *o = ubusd_acl_alloc_obj(file, obj);
|
||||
|
||||
o->send = true;
|
||||
}
|
||||
|
||||
enum {
|
||||
ACL_USER,
|
||||
ACL_GROUP,
|
||||
|
@ -300,6 +313,7 @@ enum {
|
|||
ACL_SUBSCRIBE,
|
||||
ACL_INHERIT,
|
||||
ACL_LISTEN,
|
||||
ACL_SEND,
|
||||
__ACL_MAX
|
||||
};
|
||||
|
||||
|
@ -311,6 +325,7 @@ static const struct blobmsg_policy acl_policy[__ACL_MAX] = {
|
|||
[ACL_SUBSCRIBE] = { .name = "subscribe", .type = BLOBMSG_TYPE_ARRAY },
|
||||
[ACL_INHERIT] = { .name = "inherit", .type = BLOBMSG_TYPE_ARRAY },
|
||||
[ACL_LISTEN] = { .name= "listen", .type = BLOBMSG_TYPE_ARRAY },
|
||||
[ACL_SEND] = { .name= "send", .type = BLOBMSG_TYPE_ARRAY },
|
||||
};
|
||||
|
||||
static void
|
||||
|
@ -347,6 +362,11 @@ ubusd_acl_file_add(struct ubusd_acl_file *file)
|
|||
blobmsg_for_each_attr(cur, tb[ACL_LISTEN], rem)
|
||||
if (blobmsg_type(cur) == BLOBMSG_TYPE_STRING)
|
||||
ubusd_acl_add_listen(file, blobmsg_get_string(cur));
|
||||
|
||||
if (tb[ACL_SEND])
|
||||
blobmsg_for_each_attr(cur, tb[ACL_SEND], rem)
|
||||
if (blobmsg_type(cur) == BLOBMSG_TYPE_STRING)
|
||||
ubusd_acl_add_send(file, blobmsg_get_string(cur));
|
||||
}
|
||||
|
||||
static void
|
||||
|
|
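Review bot: `ubusd_acl_add_send` writes `o->send = true;` without checking the pointer returned by `ubusd_acl_alloc_obj(file, obj)`. The allocator's body is outside this page, but if it can return NULL (for example on allocation failure), loading an ACL file that contains a "send" entry would dereference NULL inside the daemon that enforces these ACLs. Guarding the write with `if (o) o->send = true;` avoids that. The context line `o->listen = true;` in `ubusd_acl_add_listen` just above follows the same pattern and would want the same guard.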
|
@ -19,6 +19,7 @@ enum ubusd_acl_type {
|
|||
UBUS_ACL_SUBSCRIBE,
|
||||
UBUS_ACL_ACCESS,
|
||||
UBUS_ACL_LISTEN,
|
||||
UBUS_ACL_SEND,
|
||||
};
|
||||
|
||||
int ubusd_acl_check(struct ubus_client *cl, const char *obj, const char *method, enum ubusd_acl_type type);
|
||||
|
|
|
@ -142,6 +142,9 @@ int ubusd_send_event(struct ubus_client *cl, const char *id,
|
|||
struct event_source *ev;
|
||||
int match_len = 0;
|
||||
|
||||
if (ubusd_acl_check(cl, id, NULL, UBUS_ACL_SEND))
|
||||
return UBUS_STATUS_PERMISSION_DENIED;
|
||||
|
||||
obj_event_seq++;
|
||||
|
||||
/*
|
||||
|
|
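Review bot: The added `ubusd_acl_check(cl, id, NULL, UBUS_ACL_SEND)` call runs on every `ubusd_send_event` invocation, and nothing in this hunk shows that `cl` is non-NULL on all paths. If the daemon also calls `ubusd_send_event` for its own events without a client (the callers are outside this page), `ubusd_acl_check` has to tolerate a NULL client, otherwise the new check becomes a crash or an unintended denial. Placing the check ahead of `obj_event_seq++` is right, because a rejected send then changes no state; a short comment such as `/* reject senders without a matching "send" ACL before touching any event state */` would keep later edits from moving it. The function body starts and continues outside the hunk.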