Adds event send access list support in ubus via the "send" keyword
Example of a json file:
{
"user": "superuser",
"send": [ "wireless.*" ],
}
Signed-off-by: Koen Dergent <koen.cj.dergent@gmail.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
bool subscribe;
bool publish;
bool listen;
bool subscribe;
bool publish;
bool listen;
};
struct ubusd_acl_file {
};
struct ubusd_acl_file {
+ case UBUS_ACL_SEND:
+ if (acl->send)
+ return 0;
+ break;
+
case UBUS_ACL_ACCESS:
if (acl->methods) {
struct blob_attr *cur;
case UBUS_ACL_ACCESS:
if (acl->methods) {
struct blob_attr *cur;
+static void ubusd_acl_add_send(struct ubusd_acl_file *file, const char *obj)
+{
+ struct ubusd_acl_obj *o = ubusd_acl_alloc_obj(file, obj);
+
+ o->send = true;
+}
+
enum {
ACL_USER,
ACL_GROUP,
enum {
ACL_USER,
ACL_GROUP,
ACL_SUBSCRIBE,
ACL_INHERIT,
ACL_LISTEN,
ACL_SUBSCRIBE,
ACL_INHERIT,
ACL_LISTEN,
[ACL_SUBSCRIBE] = { .name = "subscribe", .type = BLOBMSG_TYPE_ARRAY },
[ACL_INHERIT] = { .name = "inherit", .type = BLOBMSG_TYPE_ARRAY },
[ACL_LISTEN] = { .name= "listen", .type = BLOBMSG_TYPE_ARRAY },
[ACL_SUBSCRIBE] = { .name = "subscribe", .type = BLOBMSG_TYPE_ARRAY },
[ACL_INHERIT] = { .name = "inherit", .type = BLOBMSG_TYPE_ARRAY },
[ACL_LISTEN] = { .name= "listen", .type = BLOBMSG_TYPE_ARRAY },
+ [ACL_SEND] = { .name= "send", .type = BLOBMSG_TYPE_ARRAY },
blobmsg_for_each_attr(cur, tb[ACL_LISTEN], rem)
if (blobmsg_type(cur) == BLOBMSG_TYPE_STRING)
ubusd_acl_add_listen(file, blobmsg_get_string(cur));
blobmsg_for_each_attr(cur, tb[ACL_LISTEN], rem)
if (blobmsg_type(cur) == BLOBMSG_TYPE_STRING)
ubusd_acl_add_listen(file, blobmsg_get_string(cur));
+
+ if (tb[ACL_SEND])
+ blobmsg_for_each_attr(cur, tb[ACL_SEND], rem)
+ if (blobmsg_type(cur) == BLOBMSG_TYPE_STRING)
+ ubusd_acl_add_send(file, blobmsg_get_string(cur));
UBUS_ACL_SUBSCRIBE,
UBUS_ACL_ACCESS,
UBUS_ACL_LISTEN,
UBUS_ACL_SUBSCRIBE,
UBUS_ACL_ACCESS,
UBUS_ACL_LISTEN,
};
int ubusd_acl_check(struct ubus_client *cl, const char *obj, const char *method, enum ubusd_acl_type type);
};
int ubusd_acl_check(struct ubus_client *cl, const char *obj, const char *method, enum ubusd_acl_type type);
struct event_source *ev;
int match_len = 0;
struct event_source *ev;
int match_len = 0;
+ if (ubusd_acl_check(cl, id, NULL, UBUS_ACL_SEND))
+ return UBUS_STATUS_PERMISSION_DENIED;
+