ubusd_acl: event send access list support

Adds event send access list support in ubus via the "send" keyword

Example of a json file:
{
	"user": "superuser",
	"send": [ "wireless.*" ],
}

Signed-off-by: Koen Dergent <koen.cj.dergent@gmail.com>
Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>

diff --git a/ubusd_acl.c b/ubusd_acl.c
index 992d0ea299366e25b7ee765207bcad208607c8e0..6257f811a6514ac36e4b719b1f1966c49dfeb711 100644 (file)
--- a/ubusd_acl.c
+++ b/ubusd_acl.c
@@ -52,6 +52,7 @@ struct ubusd_acl_obj {
        bool subscribe;
        bool publish;
        bool listen;
        bool subscribe;
        bool publish;
        bool listen;

+       bool send;

 };
 
 struct ubusd_acl_file {
 };
 
 struct ubusd_acl_file {


@@ -138,6 +139,11 @@ ubusd_acl_check(struct ubus_client *cl, const char *obj,
                                return 0;
                        break;
 
                                return 0;
                        break;
 

+               case UBUS_ACL_SEND:
+                       if (acl->send)
+                               return 0;
+                       break;
+

                case UBUS_ACL_ACCESS:
                        if (acl->methods) {
                                struct blob_attr *cur;
                case UBUS_ACL_ACCESS:
                        if (acl->methods) {
                                struct blob_attr *cur;


@@ -292,6 +298,13 @@ static void ubusd_acl_add_listen(struct ubusd_acl_file *file, const char *obj)
        o->listen = true;
 }
 
        o->listen = true;
 }
 

+static void ubusd_acl_add_send(struct ubusd_acl_file *file, const char *obj)
+{
+       struct ubusd_acl_obj *o = ubusd_acl_alloc_obj(file, obj);
+
+       o->send = true;
+}
+

 enum {
        ACL_USER,
        ACL_GROUP,
 enum {
        ACL_USER,
        ACL_GROUP,


@@ -300,6 +313,7 @@ enum {
        ACL_SUBSCRIBE,
        ACL_INHERIT,
        ACL_LISTEN,
        ACL_SUBSCRIBE,
        ACL_INHERIT,
        ACL_LISTEN,

+       ACL_SEND,

        __ACL_MAX
 };
 
        __ACL_MAX
 };
 


@@ -311,6 +325,7 @@ static const struct blobmsg_policy acl_policy[__ACL_MAX] = {
        [ACL_SUBSCRIBE] = { .name = "subscribe", .type = BLOBMSG_TYPE_ARRAY },
        [ACL_INHERIT] = { .name = "inherit", .type = BLOBMSG_TYPE_ARRAY },
        [ACL_LISTEN] = { .name= "listen", .type = BLOBMSG_TYPE_ARRAY },
        [ACL_SUBSCRIBE] = { .name = "subscribe", .type = BLOBMSG_TYPE_ARRAY },
        [ACL_INHERIT] = { .name = "inherit", .type = BLOBMSG_TYPE_ARRAY },
        [ACL_LISTEN] = { .name= "listen", .type = BLOBMSG_TYPE_ARRAY },

+       [ACL_SEND] = { .name= "send", .type = BLOBMSG_TYPE_ARRAY },

 };
 
 static void
 };
 
 static void


@@ -347,6 +362,11 @@ ubusd_acl_file_add(struct ubusd_acl_file *file)
                blobmsg_for_each_attr(cur, tb[ACL_LISTEN], rem)
                        if (blobmsg_type(cur) == BLOBMSG_TYPE_STRING)
                                ubusd_acl_add_listen(file, blobmsg_get_string(cur));
                blobmsg_for_each_attr(cur, tb[ACL_LISTEN], rem)
                        if (blobmsg_type(cur) == BLOBMSG_TYPE_STRING)
                                ubusd_acl_add_listen(file, blobmsg_get_string(cur));

+
+       if (tb[ACL_SEND])
+               blobmsg_for_each_attr(cur, tb[ACL_SEND], rem)
+                       if (blobmsg_type(cur) == BLOBMSG_TYPE_STRING)
+                               ubusd_acl_add_send(file, blobmsg_get_string(cur));

 }
 
 static void
 }
 
 static void

diff --git a/ubusd_acl.h b/ubusd_acl.h
index a6a6a30907c48d12281b06acb979f67d63cb0b12..11c81170947174e384d82c0a25f20be058e16fe4 100644 (file)
--- a/ubusd_acl.h
+++ b/ubusd_acl.h
@@ -19,6 +19,7 @@ enum ubusd_acl_type {
        UBUS_ACL_SUBSCRIBE,
        UBUS_ACL_ACCESS,
        UBUS_ACL_LISTEN,
        UBUS_ACL_SUBSCRIBE,
        UBUS_ACL_ACCESS,
        UBUS_ACL_LISTEN,

+       UBUS_ACL_SEND,

 };
 
 int ubusd_acl_check(struct ubus_client *cl, const char *obj, const char *method, enum ubusd_acl_type type);
 };
 
 int ubusd_acl_check(struct ubus_client *cl, const char *obj, const char *method, enum ubusd_acl_type type);

diff --git a/ubusd_event.c b/ubusd_event.c
index 6e612a19070b19a2a65577a3143aefeeeab532d9..712e7049946a88acba0207ce72ed0fc78653ec05 100644 (file)
--- a/ubusd_event.c
+++ b/ubusd_event.c
@@ -142,6 +142,9 @@ int ubusd_send_event(struct ubus_client *cl, const char *id,
        struct event_source *ev;
        int match_len = 0;
 
        struct event_source *ev;
        int match_len = 0;
 

+       if (ubusd_acl_check(cl, id, NULL, UBUS_ACL_SEND))
+               return UBUS_STATUS_PERMISSION_DENIED;
+

        obj_event_seq++;
 
        /*
        obj_event_seq++;
 
        /*