* rpcd - UBUS RPC server
*
* Copyright (C) 2013 Felix Fietkau <nbd@openwrt.org>
- * Copyright (C) 2013 Jo-Philipp Wich <jow@openwrt.org>
+ * Copyright (C) 2013-2014 Jo-Philipp Wich <jow@openwrt.org>
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
#include <fnmatch.h>
#include <glob.h>
#include <uci.h>
+#include <limits.h>
#ifdef HAVE_SHADOW
#include <shadow.h>
static LIST_HEAD(create_callbacks);
static LIST_HEAD(destroy_callbacks);
-static const struct blobmsg_policy new_policy = {
- .name = "timeout", .type = BLOBMSG_TYPE_INT32
+enum {
+ RPC_SN_TIMEOUT,
+ __RPC_SN_MAX,
+};
+static const struct blobmsg_policy new_policy[__RPC_SN_MAX] = {
+ [RPC_SN_TIMEOUT] = { .name = "timeout", .type = BLOBMSG_TYPE_INT32 },
};
-static const struct blobmsg_policy sid_policy = {
- .name = "sid", .type = BLOBMSG_TYPE_STRING
+enum {
+ RPC_SI_SID,
+ __RPC_SI_MAX,
+};
+static const struct blobmsg_policy sid_policy[__RPC_SI_MAX] = {
+ [RPC_SI_SID] = { .name = "ubus_rpc_session", .type = BLOBMSG_TYPE_STRING },
};
enum {
__RPC_SS_MAX,
};
static const struct blobmsg_policy set_policy[__RPC_SS_MAX] = {
- [RPC_SS_SID] = { .name = "sid", .type = BLOBMSG_TYPE_STRING },
+ [RPC_SS_SID] = { .name = "ubus_rpc_session", .type = BLOBMSG_TYPE_STRING },
[RPC_SS_VALUES] = { .name = "values", .type = BLOBMSG_TYPE_TABLE },
};
__RPC_SG_MAX,
};
static const struct blobmsg_policy get_policy[__RPC_SG_MAX] = {
- [RPC_SG_SID] = { .name = "sid", .type = BLOBMSG_TYPE_STRING },
+ [RPC_SG_SID] = { .name = "ubus_rpc_session", .type = BLOBMSG_TYPE_STRING },
[RPC_SG_KEYS] = { .name = "keys", .type = BLOBMSG_TYPE_ARRAY },
};
__RPC_SA_MAX,
};
static const struct blobmsg_policy acl_policy[__RPC_SA_MAX] = {
- [RPC_SA_SID] = { .name = "sid", .type = BLOBMSG_TYPE_STRING },
+ [RPC_SA_SID] = { .name = "ubus_rpc_session", .type = BLOBMSG_TYPE_STRING },
[RPC_SA_SCOPE] = { .name = "scope", .type = BLOBMSG_TYPE_STRING },
[RPC_SA_OBJECTS] = { .name = "objects", .type = BLOBMSG_TYPE_ARRAY },
};
__RPC_SP_MAX,
};
static const struct blobmsg_policy perm_policy[__RPC_SP_MAX] = {
- [RPC_SP_SID] = { .name = "sid", .type = BLOBMSG_TYPE_STRING },
+ [RPC_SP_SID] = { .name = "ubus_rpc_session", .type = BLOBMSG_TYPE_STRING },
[RPC_SP_SCOPE] = { .name = "scope", .type = BLOBMSG_TYPE_STRING },
[RPC_SP_OBJECT] = { .name = "object", .type = BLOBMSG_TYPE_STRING },
[RPC_SP_FUNCTION] = { .name = "function", .type = BLOBMSG_TYPE_STRING },
__RPC_DUMP_MAX,
};
static const struct blobmsg_policy dump_policy[__RPC_DUMP_MAX] = {
- [RPC_DUMP_SID] = { .name = "sid", .type = BLOBMSG_TYPE_STRING },
+ [RPC_DUMP_SID] = { .name = "ubus_rpc_session", .type = BLOBMSG_TYPE_STRING },
[RPC_DUMP_TIMEOUT] = { .name = "timeout", .type = BLOBMSG_TYPE_INT32 },
[RPC_DUMP_EXPIRES] = { .name = "expires", .type = BLOBMSG_TYPE_INT32 },
[RPC_DUMP_DATA] = { .name = "data", .type = BLOBMSG_TYPE_TABLE },
!fnmatch((_acl)->object, (_obj), FNM_NOESCAPE) && \
!fnmatch((_acl)->function, (_func), FNM_NOESCAPE))
-static void
+static int
rpc_random(char *dest)
{
unsigned char buf[16] = { 0 };
FILE *f;
int i;
+ int ret;
f = fopen("/dev/urandom", "r");
if (!f)
- return;
+ return -1;
- fread(buf, 1, sizeof(buf), f);
+ ret = fread(buf, 1, sizeof(buf), f);
fclose(f);
+ if (ret < 0)
+ return ret;
+
for (i = 0; i < sizeof(buf); i++)
sprintf(dest + (i<<1), "%02x", buf[i]);
+
+ return 0;
}
static void
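Review bot: The new `if (ret < 0)` check in rpc_random() can never fire, because fread() returns an unsigned item count and reports an error or short read by returning fewer items than requested, never a negative value. Since `buf` is zero-initialised, a failed or partial read from /dev/urandom still produces a session id built wholly or partly from zero bytes, and the function returns 0. Compare against the requested length instead, with `ret` declared as `size_t`: `if (ret != sizeof(buf)) return -1;`.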
blob_buf_init(&buf, 0);
- blobmsg_add_string(&buf, "sid", ses->id);
+ blobmsg_add_string(&buf, "ubus_rpc_session", ses->id);
blobmsg_add_u32(&buf, "timeout", ses->timeout);
blobmsg_add_u32(&buf, "expires", uloop_timeout_remaining(&ses->t) / 1000);
if (!ses)
return NULL;
- rpc_random(ses->id);
+ if (rpc_random(ses->id))
+ return NULL;
ses->timeout = timeout;
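Review bot: The early `return NULL` added after a failing rpc_random() drops `ses` without releasing it. The allocation is outside this hunk, but the preceding `if (!ses) return NULL;` suggests it is heap-allocated, in which case every failure leaks one session structure. Something like `if (rpc_random(ses->id)) { free(ses); return NULL; }` would avoid that. The enclosing function starts and ends outside the hunk.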
struct blob_attr *tb;
int timeout = RPC_DEFAULT_SESSION_TIMEOUT;
- blobmsg_parse(&new_policy, 1, &tb, blob_data(msg), blob_len(msg));
+ blobmsg_parse(new_policy, __RPC_SN_MAX, &tb, blob_data(msg), blob_len(msg));
if (tb)
timeout = blobmsg_get_u32(tb);
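Review bot: `blobmsg_parse(new_policy, __RPC_SN_MAX, &tb, ...)` now takes its element count from the enum, while the destination is still a single `struct blob_attr *tb`. This stays in bounds only while `__RPC_SN_MAX` is 1. Adding an entry to the enum would make the parser write past `tb` on the stack with no compiler diagnostic. Declaring `struct blob_attr *tb[__RPC_SN_MAX];` and reading `tb[RPC_SN_TIMEOUT]` ties the two together. The same applies to the `sid_policy` / `__RPC_SI_MAX` calls in the list and destroy handlers further down.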
struct rpc_session *ses;
struct blob_attr *tb;
- blobmsg_parse(&sid_policy, 1, &tb, blob_data(msg), blob_len(msg));
+ blobmsg_parse(sid_policy, __RPC_SI_MAX, &tb, blob_data(msg), blob_len(msg));
if (!tb) {
avl_for_each_element(&sessions, ses, avl)
return cb(ses, scope, NULL, NULL);
blobmsg_for_each_attr(attr, tb[RPC_SA_OBJECTS], rem1) {
- if (blob_id(attr) != BLOBMSG_TYPE_ARRAY)
+ if (blobmsg_type(attr) != BLOBMSG_TYPE_ARRAY)
continue;
object = NULL;
function = NULL;
blobmsg_for_each_attr(sattr, attr, rem2) {
- if (blob_id(sattr) != BLOBMSG_TYPE_STRING)
+ if (blobmsg_type(sattr) != BLOBMSG_TYPE_STRING)
continue;
if (!object)
blobmsg_parse(perm_policy, __RPC_SP_MAX, tb, blob_data(msg), blob_len(msg));
- if (!tb[RPC_SP_SID] || !tb[RPC_SP_OBJECT] || !tb[RPC_SP_FUNCTION])
+ if (!tb[RPC_SP_SID])
return UBUS_STATUS_INVALID_ARGUMENT;
ses = rpc_session_get(blobmsg_data(tb[RPC_SP_SID]));
if (!ses)
return UBUS_STATUS_NOT_FOUND;
- if (tb[RPC_SP_SCOPE])
- scope = blobmsg_data(tb[RPC_SP_SCOPE]);
+ blob_buf_init(&buf, 0);
- allow = rpc_session_acl_allowed(ses, scope,
- blobmsg_data(tb[RPC_SP_OBJECT]),
- blobmsg_data(tb[RPC_SP_FUNCTION]));
+ if (tb[RPC_SP_OBJECT] && tb[RPC_SP_FUNCTION])
+ {
+ if (tb[RPC_SP_SCOPE])
+ scope = blobmsg_data(tb[RPC_SP_SCOPE]);
+
+ allow = rpc_session_acl_allowed(ses, scope,
+ blobmsg_data(tb[RPC_SP_OBJECT]),
+ blobmsg_data(tb[RPC_SP_FUNCTION]));
+
+ blobmsg_add_u8(&buf, "access", allow);
+ }
+ else
+ {
+ rpc_session_dump_acls(ses, &buf);
+ }
- blob_buf_init(&buf, 0);
- blobmsg_add_u8(&buf, "access", allow);
ubus_send_reply(ctx, req, buf.head);
return 0;
}
static void
-rpc_session_set(struct rpc_session *ses, const char *key, struct blob_attr *val)
+rpc_session_set(struct rpc_session *ses, struct blob_attr *val)
{
struct rpc_session_data *data;
- data = avl_find_element(&ses->data, key, data, avl);
+ data = avl_find_element(&ses->data, blobmsg_name(val), data, avl);
if (data) {
avl_delete(&ses->data, &data->avl);
free(data);
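Review bot: In the access handler, a request that carries only one of `object` / `function` now falls into the `else` branch and gets the session's ACL dump with no `access` field, where it previously got UBUS_STATUS_INVALID_ARGUMENT. A caller that omits one argument by mistake therefore gets a successful reply instead of an error. Consider rejecting the half-specified case before `blob_buf_init`, e.g. `if (!tb[RPC_SP_OBJECT] != !tb[RPC_SP_FUNCTION]) return UBUS_STATUS_INVALID_ARGUMENT;`. It would also help to add a comment on the `else` branch such as `/* no object/function given: list all ACLs of the session */`. The handler's opening lines are outside the hunk.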
if (!blobmsg_name(attr)[0])
continue;
- rpc_session_set(ses, blobmsg_name(attr), attr);
+ rpc_session_set(ses, attr);
}
return 0;
if (tb[RPC_SG_KEYS])
blobmsg_for_each_attr(attr, tb[RPC_SG_KEYS], rem) {
- if (blob_id(attr) != BLOBMSG_TYPE_STRING)
+ if (blobmsg_type(attr) != BLOBMSG_TYPE_STRING)
continue;
data = avl_find_element(&ses->data, blobmsg_data(attr), data, avl);
}
blobmsg_for_each_attr(attr, tb[RPC_SG_KEYS], rem) {
- if (blob_id(attr) != BLOBMSG_TYPE_STRING)
+ if (blobmsg_type(attr) != BLOBMSG_TYPE_STRING)
continue;
data = avl_find_element(&ses->data, blobmsg_data(attr), data, avl);
struct rpc_session *ses;
struct blob_attr *tb;
- blobmsg_parse(&sid_policy, 1, &tb, blob_data(msg), blob_len(msg));
+ blobmsg_parse(sid_policy, __RPC_SI_MAX, &tb, blob_data(msg), blob_len(msg));
if (!tb)
return UBUS_STATUS_INVALID_ARGUMENT;
* ]
* }
*/
- if (blob_id(acl_scope) == BLOBMSG_TYPE_TABLE) {
+ if (blobmsg_type(acl_scope) == BLOBMSG_TYPE_TABLE) {
blobmsg_for_each_attr(acl_obj, acl_scope, rem) {
- if (blob_id(acl_obj) != BLOBMSG_TYPE_ARRAY)
+ if (blobmsg_type(acl_obj) != BLOBMSG_TYPE_ARRAY)
continue;
blobmsg_for_each_attr(acl_func, acl_obj, rem2) {
- if (blob_id(acl_func) != BLOBMSG_TYPE_STRING)
+ if (blobmsg_type(acl_func) != BLOBMSG_TYPE_STRING)
continue;
rpc_session_grant(ses, blobmsg_name(acl_scope),
* ...
* ]
*/
- else if (blob_id(acl_scope) == BLOBMSG_TYPE_ARRAY) {
+ else if (blobmsg_type(acl_scope) == BLOBMSG_TYPE_ARRAY) {
blobmsg_for_each_attr(acl_obj, acl_scope, rem) {
- if (blob_id(acl_obj) != BLOBMSG_TYPE_STRING)
+ if (blobmsg_type(acl_obj) != BLOBMSG_TYPE_STRING)
continue;
rpc_session_grant(ses, blobmsg_name(acl_scope),
blob_for_each_attr(acl_group, acl.head, rem) {
/* Iterate permission objects in each access group object */
blobmsg_for_each_attr(acl_perm, acl_group, rem2) {
- if (blob_id(acl_perm) != BLOBMSG_TYPE_TABLE)
+ if (blobmsg_type(acl_perm) != BLOBMSG_TYPE_TABLE)
continue;
/* Only "read" and "write" permissions are defined */
rpc_login_setup_acls(ses, login);
- rpc_session_set(ses, "user", tb[RPC_L_USERNAME]);
+ rpc_session_set(ses, tb[RPC_L_USERNAME]);
rpc_session_dump(ses, ctx, req);
out:
if (len != blob_pad_len(&head))
goto fail;
+ close(fd);
+
return attr;
fail:
ses->timeout = blobmsg_get_u32(tb[RPC_DUMP_TIMEOUT]);
blobmsg_for_each_attr(data, tb[RPC_DUMP_DATA], rem) {
- rpc_session_set(ses, blobmsg_name(data), data);
+ rpc_session_set(ses, data);
if (!strcmp(blobmsg_name(data), "username"))
user = blobmsg_get_string(data);
struct rpc_session *ses;
static const struct ubus_method session_methods[] = {
- UBUS_METHOD("create", rpc_handle_create, &new_policy),
- UBUS_METHOD("list", rpc_handle_list, &sid_policy),
+ UBUS_METHOD("create", rpc_handle_create, new_policy),
+ UBUS_METHOD("list", rpc_handle_list, sid_policy),
UBUS_METHOD("grant", rpc_handle_acl, acl_policy),
UBUS_METHOD("revoke", rpc_handle_acl, acl_policy),
UBUS_METHOD("access", rpc_handle_access, perm_policy),
UBUS_METHOD("set", rpc_handle_set, set_policy),
UBUS_METHOD("get", rpc_handle_get, get_policy),
UBUS_METHOD("unset", rpc_handle_unset, get_policy),
- UBUS_METHOD("destroy", rpc_handle_destroy, &sid_policy),
+ UBUS_METHOD("destroy", rpc_handle_destroy, sid_policy),
UBUS_METHOD("login", rpc_handle_login, login_policy),
};