From patchwork Wed Oct 3 13:36:18 2018
X-Patchwork-Submitter: Hans Dedecker
X-Patchwork-Id: 978331
From: Hans Dedecker
To: openwrt-devel@lists.openwrt.org
Cc: Hans Dedecker, john@phrozen.org, Koen Dergent, nbd@nbd.name
Date: Wed, 3 Oct 2018 15:36:18 +0200
Message-Id: <20181003133618.8371-4-dedeckeh@gmail.com>
In-Reply-To: <20181003133618.8371-1-dedeckeh@gmail.com>
References: <20181003133618.8371-1-dedeckeh@gmail.com>
Subject: [OpenWrt-Devel] [PATCH 4/4][ubus] ubusd_acl: event send access list support

Adds event send access list support in ubus via the "send" keyword

Example of a json file:
{
	"user": "superuser",
	"send": [ "wireless.*" ],
}

Signed-off-by: Koen Dergent
Signed-off-by: Hans Dedecker
---
 ubusd_acl.c   | 20 ++++++++++++++++++++
 ubusd_acl.h   |  1 +
 ubusd_event.c |  3 +++
 3 files changed, 24 insertions(+)
diff --git a/ubusd_acl.c b/ubusd_acl.c index 992d0ea..6257f81 100644 --- a/ubusd_acl.c +++ b/ubusd_acl.c @@ -52,6 +52,7 @@ struct ubusd_acl_obj { bool subscribe; bool publish; bool listen; + bool send; }; struct ubusd_acl_file { @@ -138,6 +139,11 @@ ubusd_acl_check(struct ubus_client *cl, const char *obj, return 0; break; + case UBUS_ACL_SEND: + if (acl->send) + return 0; + break; + case UBUS_ACL_ACCESS: if (acl->methods) { struct blob_attr *cur; @@ -292,6 +298,13 @@ static void ubusd_acl_add_listen(struct ubusd_acl_file *file, const char *obj) o->listen = true; } +static void ubusd_acl_add_send(struct ubusd_acl_file *file, const char *obj) +{ + struct ubusd_acl_obj *o = ubusd_acl_alloc_obj(file, obj); + + o->send = true; +} + enum { ACL_USER, ACL_GROUP, @@ -300,6 +313,7 @@ enum { ACL_SUBSCRIBE, ACL_INHERIT, ACL_LISTEN, + ACL_SEND, __ACL_MAX }; @@ -311,6 +325,7 @@ static const struct blobmsg_policy acl_policy[__ACL_MAX] = { [ACL_SUBSCRIBE] = { .name = "subscribe", .type = BLOBMSG_TYPE_ARRAY }, [ACL_INHERIT] = { .name = "inherit", .type = BLOBMSG_TYPE_ARRAY }, [ACL_LISTEN] = { .name= "listen", .type = BLOBMSG_TYPE_ARRAY }, + [ACL_SEND] = { .name= "send", .type = BLOBMSG_TYPE_ARRAY }, }; static void @@ -347,6 +362,11 @@ ubusd_acl_file_add(struct ubusd_acl_file *file) blobmsg_for_each_attr(cur, tb[ACL_LISTEN], rem) if (blobmsg_type(cur) == BLOBMSG_TYPE_STRING) ubusd_acl_add_listen(file, blobmsg_get_string(cur)); + + if (tb[ACL_SEND]) + blobmsg_for_each_attr(cur, tb[ACL_SEND], rem) + if (blobmsg_type(cur) == BLOBMSG_TYPE_STRING) + ubusd_acl_add_send(file, blobmsg_get_string(cur)); } static void diff --git a/ubusd_acl.h b/ubusd_acl.h index a6a6a30..11c8117 100644 --- a/ubusd_acl.h +++ b/ubusd_acl.h @@ -19,6 +19,7 @@ enum ubusd_acl_type { UBUS_ACL_SUBSCRIBE, UBUS_ACL_ACCESS, UBUS_ACL_LISTEN, + UBUS_ACL_SEND, }; int ubusd_acl_check(struct ubus_client *cl, const char *obj, const char *method, enum ubusd_acl_type type); 
diff --git a/ubusd_event.c b/ubusd_event.c index 6e612a1..712e704 100644 --- a/ubusd_event.c +++ b/ubusd_event.c @@ -142,6 +142,9 @@ int ubusd_send_event(struct ubus_client *cl, const char *id, struct event_source *ev; int match_len = 0; + if (ubusd_acl_check(cl, id, NULL, UBUS_ACL_SEND)) + return UBUS_STATUS_PERMISSION_DENIED; + obj_event_seq++; /*
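Review bot: In ubusd_acl.c, the new ubusd_acl_add_send() stores o->send = true without checking the pointer returned by ubusd_acl_alloc_obj(file, obj). If that allocator can return NULL, a failed allocation while an ACL file is being loaded becomes a NULL dereference in ubusd. Guard the store with "if (o)" or return early. The ubusd_acl_add_listen() tail visible in the context lines has the same shape, so a follow-up that covers both helpers would be cleaner than fixing only the new one.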
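Review bot: Style point in the acl_policy[] hunk of ubusd_acl.c: the added entry is written ".name= "send"" with no space before the "=", copying the slip on the ACL_LISTEN line above it, while the ACL_SUBSCRIBE and ACL_INHERIT entries use ".name = ". Please write the new entry as ".name = "send"" and align it with the other initialisers, and consider fixing the ACL_LISTEN line in the same pass.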
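Review bot: In the ubusd_acl_file_add() hunk of ubusd_acl.c, entries of the "send" array that are not BLOBMSG_TYPE_STRING are skipped silently, so a malformed ACL file yields no send permission and no diagnostic, and the sender only sees a permission error at run time. A log line for rejected entries would make misconfigured ACL files much easier to debug. The unbraced if / blobmsg_for_each_attr / if nesting mirrors the listen block above, but braces on the outer "if (tb[ACL_SEND])" would make the scope explicit and protect against a later edit attaching a statement to the wrong level.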
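Review bot: The new check at the top of ubusd_send_event() in ubusd_event.c changes behaviour for existing deployments, and neither the commit message nor a comment says so. The UBUS_ACL_SEND case in ubusd_acl_check() returns 0 only when a matching entry has send set, and no ACL file written before this patch can contain a "send" array, so clients covered by such files would start receiving UBUS_STATUS_PERMISSION_DENIED on every event they send until their ACL files are updated. Please state in the commit message whether default-deny for event sending is intended and which clients are exempt, and document the "send" keyword alongside "listen" so integrators know to add it. It would also help to note that the event id is passed as the obj argument with method NULL, so "send" patterns are matched against event names rather than object paths.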