Adds event send access list support in ubus via the "send" keyword
Example of a json file:
{
"user": "superuser",
"send": [ "wireless.*" ],
}
Signed-off-by: Koen Dergent <koen.cj.dergent@gmail.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Adds event listen access list support in ubus via the "listen" keyword
Example of a json file:
{
"user": "superuser",
"listen": [ "network.*" ],
}
Signed-off-by: Koen Dergent <koen.cj.dergent@gmail.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
Wildcard access list support was failing in case multiple wildcards
entries were defined and/or when a specific access list string
overlapped a wildcard entry.
Root cause of the problem was the way how wildcard entries were sorted
in the avl tree by the compare function ubusd_acl_match_path resulting
into a non acces list match for a given object path.
The avl_tree sorting has been changed to make use of avl_strcmp; as such
there's no distinction anymore between non-wildcard and wildcard entries
in the avl_tree compare function as the boolean partial marks an access
list entry as a wildcard entry.
When trying to find an access list match for an object path the access list
tree is iterated as long as the number of characters between the access list
string and object path is monotonically increasing.
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
If there are any ACLs present other than global wildcard "*", the AVL
tree comparator will compare ACL key to object name. However, object
name can be NULL in cases where ACL check is done on call to internal
ubus objects (e.g. ubus monitor).
With this change we skip checking ACLs on such NULL objects.
Signed-off-by: Denis Osvald <denis.osvald@sartura.hr>
