ubusd_acl: event listen access list support

Adds event listen access list support in ubus via the "listen" keyword

Example of a json file:

{
    "user": "superuser",
    "listen": [ "network.*" ]
}

Signed-off-by: Koen Dergent <koen.cj.dergent@gmail.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Hans Dedecker 2018-10-03 15:36:17 +02:00
parent c035bab01c
commit da503db660
3 changed files with 24 additions and 0 deletions


@ -51,6 +51,7 @@ struct ubusd_acl_obj {
struct blob_attr *priv; struct blob_attr *priv;
bool subscribe; bool subscribe;
bool publish; bool publish;
bool listen;
}; };
struct ubusd_acl_file { struct ubusd_acl_file {
@ -132,6 +133,11 @@ ubusd_acl_check(struct ubus_client *cl, const char *obj,
return 0; return 0;
break; break;
case UBUS_ACL_LISTEN:
if (acl->listen)
return 0;
break;
case UBUS_ACL_ACCESS: case UBUS_ACL_ACCESS:
if (acl->methods) { if (acl->methods) {
struct blob_attr *cur; struct blob_attr *cur;
@ -279,6 +285,13 @@ ubusd_acl_add_publish(struct ubusd_acl_file *file, const char *obj)
o->publish = true; o->publish = true;
} }
static void ubusd_acl_add_listen(struct ubusd_acl_file *file, const char *obj)
{
struct ubusd_acl_obj *o = ubusd_acl_alloc_obj(file, obj);
o->listen = true;
}
enum { enum {
ACL_USER, ACL_USER,
ACL_GROUP, ACL_GROUP,
@ -286,6 +299,7 @@ enum {
ACL_PUBLISH, ACL_PUBLISH,
ACL_SUBSCRIBE, ACL_SUBSCRIBE,
ACL_INHERIT, ACL_INHERIT,
ACL_LISTEN,
__ACL_MAX __ACL_MAX
}; };
@ -296,6 +310,7 @@ static const struct blobmsg_policy acl_policy[__ACL_MAX] = {
[ACL_PUBLISH] = { .name = "publish", .type = BLOBMSG_TYPE_ARRAY }, [ACL_PUBLISH] = { .name = "publish", .type = BLOBMSG_TYPE_ARRAY },
[ACL_SUBSCRIBE] = { .name = "subscribe", .type = BLOBMSG_TYPE_ARRAY }, [ACL_SUBSCRIBE] = { .name = "subscribe", .type = BLOBMSG_TYPE_ARRAY },
[ACL_INHERIT] = { .name = "inherit", .type = BLOBMSG_TYPE_ARRAY }, [ACL_INHERIT] = { .name = "inherit", .type = BLOBMSG_TYPE_ARRAY },
[ACL_LISTEN] = { .name= "listen", .type = BLOBMSG_TYPE_ARRAY },
}; };
static void static void
@ -327,6 +342,11 @@ ubusd_acl_file_add(struct ubusd_acl_file *file)
blobmsg_for_each_attr(cur, tb[ACL_PUBLISH], rem) blobmsg_for_each_attr(cur, tb[ACL_PUBLISH], rem)
if (blobmsg_type(cur) == BLOBMSG_TYPE_STRING) if (blobmsg_type(cur) == BLOBMSG_TYPE_STRING)
ubusd_acl_add_publish(file, blobmsg_get_string(cur)); ubusd_acl_add_publish(file, blobmsg_get_string(cur));
if (tb[ACL_LISTEN])
blobmsg_for_each_attr(cur, tb[ACL_LISTEN], rem)
if (blobmsg_type(cur) == BLOBMSG_TYPE_STRING)
ubusd_acl_add_listen(file, blobmsg_get_string(cur));
} }
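Review bot: The new `bool listen;` field in struct ubusd_acl_obj, the `case UBUS_ACL_LISTEN:` branch in ubusd_acl_check and the `"listen"` entry in acl_policy carry no explanation of what the grant means, and the semantics are not obvious: from the ubusd_event.c side of this commit the check runs once, at registration time, against the client's event pattern (with a trailing `*` already stripped), not against each event that is later delivered. I would put that on the field, e.g. `bool listen; /* may register an event handler whose pattern matches this path; checked at registration, not per delivered event */`, and mirror it wherever `publish`/`subscribe` are documented for ACL files. Whether the path matcher used by ubusd_acl_check (outside this section) behaves sensibly when both the ACL entry and the registration pattern carry a wildcard is worth confirming before relying on it. Minor: `.name= "listen"` lacks the space the neighbouring policy entries use.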
static void static void


@ -18,6 +18,7 @@ enum ubusd_acl_type {
UBUS_ACL_PUBLISH, UBUS_ACL_PUBLISH,
UBUS_ACL_SUBSCRIBE, UBUS_ACL_SUBSCRIBE,
UBUS_ACL_ACCESS, UBUS_ACL_ACCESS,
UBUS_ACL_LISTEN,
}; };
int ubusd_acl_check(struct ubus_client *cl, const char *obj, const char *method, enum ubusd_acl_type type); int ubusd_acl_check(struct ubus_client *cl, const char *obj, const char *method, enum ubusd_acl_type type);


@ -88,6 +88,9 @@ static int ubusd_alloc_event_pattern(struct ubus_client *cl, struct blob_attr *m
len--; len--;
} }
if (pattern[0] && ubusd_acl_check(cl, pattern, NULL, UBUS_ACL_LISTEN))
return UBUS_STATUS_PERMISSION_DENIED;
ev = calloc(1, sizeof(*ev) + len + 1); ev = calloc(1, sizeof(*ev) + len + 1);
if (!ev) if (!ev)
return UBUS_STATUS_NO_DATA; return UBUS_STATUS_NO_DATA;
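Review bot: The `pattern[0] &&` guard on the new check exempts an empty pattern from the listen ACL entirely, and the preceding lines turn a bare `*` registration into exactly that (trailing `*` stripped, `partial` set); if, as the rest of ubusd's event matching appears to do, an empty partial pattern matches every event, a restricted client can bypass the ACL wholesale by asking for everything instead of something specific. A deny-by-default ACL should treat the catch-all registration as the most privileged request, not skip it: drop the guard, `if (ubusd_acl_check(cl, pattern, NULL, UBUS_ACL_LISTEN)) return UBUS_STATUS_PERMISSION_DENIED;`, and have the ACL lookup handle the empty name (for example by requiring an explicit `"listen": ["*"]` grant for it). How ubusd_acl_check treats an empty object name, and whether it already waives the check for uid 0, is outside this hunk and should be confirmed so unrestricted clients are not broken. The enclosing function ubusd_alloc_event_pattern starts before and continues past this hunk.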