From patchwork Wed Oct 3 13:36:15 2018
X-Patchwork-Submitter: Hans Dedecker
X-Patchwork-Id: 978330
From: Hans Dedecker
To: openwrt-devel@lists.openwrt.org
Cc: Hans Dedecker, john@phrozen.org, nbd@nbd.name
Date: Wed, 3 Oct 2018 15:36:15 +0200
Message-Id: <20181003133618.8371-1-dedeckeh@gmail.com>
Subject: [OpenWrt-Devel] [PATCH 1/4][ubus] ubusd_event: move strmatch_len to ubus_common.h

Rename strmatch_len into ubus_strmatch_len and move it to ubus_common.h

Signed-off-by: Hans Dedecker --- ubus_common.h | 9 +++++++++ ubusd_event.c | 11 +---------- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/ubus_common.h b/ubus_common.h index 4bb9927..5e4d0ad 100644 --- a/ubus_common.h +++ b/ubus_common.h @@ -21,4 +21,13 @@ #define ARRAY_SIZE(x) (sizeof(x) / sizeof((x)[0])) #endif +static inline bool ubus_strmatch_len(const char *s1, const char *s2, int *len) +{ + for (*len = 0; s1[*len] == s2[*len]; (*len)++) + if (!s1[*len]) + return true; + + return false; +} + #endif diff --git a/ubusd_event.c b/ubusd_event.c index 0469c20..f07f826 100644 --- a/ubusd_event.c +++ b/ubusd_event.c @@ -132,15 +132,6 @@ static void ubusd_send_event_msg(struct ubus_msg_buf **ub, struct ubus_client *c ubus_msg_send(obj->client, *ub); } -static bool strmatch_len(const char *s1, const char *s2, int *len) -{ - for (*len = 0; s1[*len] == s2[*len]; (*len)++) - if (!s1[*len]) - return true; - - return false; -} - int ubusd_send_event(struct ubus_client *cl, const char *id, event_fill_cb fill_cb, void *cb_priv) { 
@@ -160,7 +151,7 @@ int ubusd_send_event(struct ubus_client *cl, const char *id, int cur_match_len; bool full_match; - full_match = strmatch_len(id, key, &cur_match_len); + full_match = ubus_strmatch_len(id, key, &cur_match_len); if (cur_match_len < match_len) break;
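
Review bot: in the ubus_common.h hunk, ubus_strmatch_len returns bool, but the visible context (the ARRAY_SIZE define and the closing #endif) does not show the header including <stdbool.h>; a shared header should pull it in itself so that callers do not depend on include order. A one-line comment stating that *len receives the common-prefix length even when the function returns false would also help, since ubusd_send_event reads cur_match_len in exactly that case.
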
From patchwork Wed Oct 3 13:36:16 2018
X-Patchwork-Submitter: Hans Dedecker
X-Patchwork-Id: 978332
From: Hans Dedecker
To: openwrt-devel@lists.openwrt.org
Cc: Hans Dedecker, john@phrozen.org, nbd@nbd.name
Date: Wed, 3 Oct 2018 15:36:16 +0200
Message-Id: <20181003133618.8371-2-dedeckeh@gmail.com>
In-Reply-To: <20181003133618.8371-1-dedeckeh@gmail.com>
Subject: [OpenWrt-Devel] [PATCH 2/4][ubus] ubusd_acl: rework wildcard support

Wildcard access list support was failing in case multiple wildcard entries were defined and/or when a specific access list string overlapped a wildcard entry. Root cause of the problem was the way wildcard entries were sorted in the avl tree by the compare function ubusd_acl_match_path, resulting in a non access list match for a given object path.

The avl_tree sorting has been changed to make use of avl_strcmp; as such there's no distinction anymore between non-wildcard and wildcard entries in the avl_tree compare function as the boolean partial marks an access list entry as a wildcard entry. When trying to find an access list match for an object path the access list tree is iterated as long as the number of characters between the access list string and object path is monotonically increasing. Signed-off-by: Hans Dedecker --- ubusd_acl.c | 111 ++++++++++++++++++++++++++++++++-------------------- 1 file changed, 69 insertions(+), 42 deletions(-) diff --git a/ubusd_acl.c b/ubusd_acl.c index 4b72663..fc11993 100644 --- a/ubusd_acl.c +++ b/ubusd_acl.c @@ -1,5 +1,6 @@ /* * Copyright (C) 2015 John Crispin + * Copyright (C) 2018 Hans Dedecker * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU Lesser General Public License version 2.1 @@ -40,6 +41,8 @@ struct ubusd_acl_obj { struct avl_node avl; struct list_head list; + bool partial; + const char *user; const char *group; @@ -68,19 +71,6 @@ static struct avl_tree ubusd_acls; static int ubusd_acl_seq; static struct ubus_object *acl_obj; -static int -ubusd_acl_match_path(const void *k1, const void *k2, void *ptr) -{ - const char *name = k1; - const char *match = k2; - char *wildcard = strstr(match, "\t"); - - if (wildcard) - return strncmp(name, match, wildcard - match); - - return strcmp(name, match); -} - static int ubusd_acl_match_cred(struct ubus_client *cl, struct ubusd_acl_obj *obj) { 
@@ -98,21 +88,35 @@ ubusd_acl_check(struct ubus_client *cl, const char *obj, const char *method, enum ubusd_acl_type type) { struct ubusd_acl_obj *acl; - struct blob_attr *cur; - int rem; + int match_len = 0; - if (!cl->uid || !obj) + if (!cl || !cl->uid || !obj) return 0; - acl = avl_find_ge_element(&ubusd_acls, obj, acl, avl); - if (!acl) - return -1; + /* + * Since this tree is sorted alphabetically, we can only expect + * to find matching entries as long as the number of matching + * characters between the access list string and the object path + * is monotonically increasing. + */ + avl_for_each_element(&ubusd_acls, acl, avl) { + const char *key = acl->avl.key; + int cur_match_len; + bool full_match; + + full_match = ubus_strmatch_len(obj, key, &cur_match_len); + if (cur_match_len < match_len) + break; - avl_for_element_to_last(&ubusd_acls, acl, acl, avl) { - int diff = ubusd_acl_match_path(obj, acl->avl.key, NULL); + match_len = cur_match_len; - if (diff) - break; + if (!full_match) { + if (!acl->partial) + continue; + + if (match_len != strlen(key)) + continue; + } if (ubusd_acl_match_cred(cl, acl)) continue; @@ -129,11 +133,15 @@ ubusd_acl_check(struct ubus_client *cl, const char *obj, break; case UBUS_ACL_ACCESS: - if (acl->methods) + if (acl->methods) { + struct blob_attr *cur; + int rem; + blobmsg_for_each_attr(cur, acl->methods, rem) if (blobmsg_type(cur) == BLOBMSG_TYPE_STRING) - if (!ubusd_acl_match_path(method, blobmsg_get_string(cur), NULL)) + if (!strcmp(method, blobmsg_get_string(cur))) return 0; + } break; } } 
@@ -212,19 +220,20 @@ static struct ubusd_acl_obj* ubusd_acl_alloc_obj(struct ubusd_acl_file *file, const char *obj) { struct ubusd_acl_obj *o; + int len = strlen(obj); char *k; + bool partial = false; - o = calloc_a(sizeof(*o), &k, strlen(obj) + 1); + if (obj[len - 1] == '*') { + partial = true; + len--; + } + + o = calloc_a(sizeof(*o), &k, len + 1); + o->partial = partial; o->user = file->user; o->group = file->group; - o->avl.key = k; - strcpy(k, obj); - - while (*k) { - if (*k == '*') - *k = '\t'; - k++; - } + o->avl.key = memcpy(k, obj, len); list_add(&o->list, &file->acl); avl_insert(&ubusd_acls, &o->avl); @@ -420,22 +429,39 @@ static void ubusd_reply_add(struct ubus_object *obj) { struct ubusd_acl_obj *acl; + int match_len = 0; if (!obj->path.key) return; - acl = avl_find_ge_element(&ubusd_acls, obj->path.key, acl, avl); - if (!acl) - return; - - avl_for_element_to_last(&ubusd_acls, acl, acl, avl) { + /* + * Since this tree is sorted alphabetically, we can only expect + * to find matching entries as long as the number of matching + * characters between the access list string and the object path + * is monotonically increasing. + */ + avl_for_each_element(&ubusd_acls, acl, avl) { + const char *key = acl->avl.key; + int cur_match_len; + bool full_match; void *c; if (!acl->priv) continue; - if (ubusd_acl_match_path(obj->path.key, acl->avl.key, NULL)) - continue; + full_match = ubus_strmatch_len(obj->path.key, key, &cur_match_len); + if (cur_match_len < match_len) + break; + + match_len = cur_match_len; + + if (!full_match) { + if (!acl->partial) + continue; + + if (match_len != strlen(key)) + continue; + } c = blobmsg_open_table(&b, NULL); blobmsg_add_string(&b, "obj", obj->path.key); @@ -450,6 +476,7 @@ ubusd_reply_add(struct ubus_object *obj) blobmsg_close_table(&b, c); } } + static int ubusd_reply_query(struct ubus_client *cl, struct ubus_msg_buf *ub, struct blob_attr **attr, struct blob_attr *msg) { struct ubus_object *obj; 
@@ -489,7 +516,7 @@ static int ubusd_acl_recv(struct ubus_client *cl, struct ubus_msg_buf *ub, const void ubusd_acl_init(void) { - avl_init(&ubusd_acls, ubusd_acl_match_path, true, NULL); + ubus_init_string_tree(&ubusd_acls, true); acl_obj = ubusd_create_object_internal(NULL, UBUS_SYSTEM_OBJECT_ACL); acl_obj->recv_msg = ubusd_acl_recv; }
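
Review bot: in the ubusd_acl_alloc_obj hunk, `obj[len - 1] == '*'` reads one byte before the string when an ACL file supplies an empty object name (len == 0); guard it with `if (len && obj[len - 1] == '*')`. The changelog should also mention that only a trailing '*' is now a wildcard, whereas the removed loop rewrote every '*' in the string, and that the key's NUL terminator now depends on calloc_a returning zeroed memory because memcpy copies only len bytes.
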
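
Review bot: in the ubusd_acl_check hunk, the added `!cl` test returns 0, the same value the function returns when an entry grants access, so a NULL client is allowed unconditionally; please name in a comment the callers that pass NULL, or return -1 for that case. Further down, `match_len != strlen(key)` compares an int with a size_t; making match_len a size_t or casting avoids the sign-compare warning, and the same comparison is repeated in ubusd_reply_add.
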
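
The lookup described in the commit message of patch 2/4, as an added example that is not part of the patch series: a sorted array stands in for the avl tree, and `struct acl_entry`, `acl_add`, `acl_match` and the rule strings are hypothetical names and constructed data. Unlike the patch, `acl_add` rejects an empty string before looking at its last character.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Same loop as ubus_strmatch_len() in patch 1/4: *len receives the length of
 * the common prefix; the return value is true only for an exact match. */
static bool strmatch_len(const char *s1, const char *s2, int *len)
{
	for (*len = 0; s1[*len] == s2[*len]; (*len)++)
		if (!s1[*len])
			return true;
	return false;
}

/* Hypothetical stand-in for struct ubusd_acl_obj: key plus wildcard flag. */
struct acl_entry {
	char key[64];
	bool partial;
};

#define MAX_ACL 16
static struct acl_entry acls[MAX_ACL]; /* kept sorted, replaces the avl tree */
static int n_acls;

static void acl_reset(void) { n_acls = 0; }

static int cmp_entry(const void *a, const void *b)
{
	return strcmp(((const struct acl_entry *)a)->key,
		      ((const struct acl_entry *)b)->key);
}

/* Mirrors ubusd_acl_alloc_obj(): a trailing '*' sets partial and is cut off.
 * Unlike the patch, an empty string is rejected before obj[len - 1] is read.
 * Returns 0 on success, -1 on rejected input or a full table. */
static int acl_add(const char *obj)
{
	size_t len = strlen(obj);
	struct acl_entry *e;

	if (len == 0 || len >= sizeof(acls[0].key) || n_acls == MAX_ACL)
		return -1;
	e = &acls[n_acls++];
	e->partial = (obj[len - 1] == '*');
	if (e->partial)
		len--;
	memcpy(e->key, obj, len);
	e->key[len] = '\0';
	qsort(acls, n_acls, sizeof(acls[0]), cmp_entry);
	return 0;
}

/* Mirrors the loop in ubusd_acl_check(): walk the keys in sorted order and
 * stop as soon as the common prefix gets shorter. Stores up to max matching
 * entries in out and returns the total number of matches. */
static int acl_match(const char *obj, const struct acl_entry **out, int max)
{
	int match_len = 0, n = 0;

	for (int i = 0; i < n_acls; i++) {
		int cur_match_len;
		bool full_match = strmatch_len(obj, acls[i].key, &cur_match_len);

		if (cur_match_len < match_len)
			break;          /* sorted keys: nothing later can match */
		match_len = cur_match_len;
		if (!full_match) {
			if (!acls[i].partial)
				continue;   /* exact entry for a different path */
			if ((size_t)match_len != strlen(acls[i].key))
				continue;   /* wildcard prefix not fully covered */
		}
		if (n < max)
			out[n] = &acls[i];
		n++;
	}
	return n;
}

int main(void)
{
	/* Constructed ACL strings: overlapping wildcards plus exact entries. */
	const char *rules[] = { "network.*", "system", "network.interface",
				"net*", "network.interface.*" };
	const char *paths[] = { "network.interface.lan", "network.interface",
				"netifd", "dhcp" };
	const struct acl_entry *hits[MAX_ACL];

	acl_reset();
	for (size_t i = 0; i < sizeof(rules) / sizeof(rules[0]); i++)
		acl_add(rules[i]);
	for (size_t i = 0; i < sizeof(paths) / sizeof(paths[0]); i++) {
		int n = acl_match(paths[i], hits, MAX_ACL);
		printf("%-22s ->", paths[i]);
		for (int j = 0; j < n; j++)
			printf(" %s%s", hits[j]->key, hits[j]->partial ? "*" : "");
		printf("\n");
	}
	return 0;
}
```

The early `break` is only safe because the keys are in strcmp order: a key that is a prefix of the path always sorts before the point where the common prefix starts to shrink.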
From patchwork Wed Oct 3 13:36:17 2018
X-Patchwork-Submitter: Hans Dedecker
X-Patchwork-Id: 978333
From: Hans Dedecker
To: openwrt-devel@lists.openwrt.org
Cc: Hans Dedecker, john@phrozen.org, Koen Dergent, nbd@nbd.name
Date: Wed, 3 Oct 2018 15:36:17 +0200
Message-Id: <20181003133618.8371-3-dedeckeh@gmail.com>
In-Reply-To: <20181003133618.8371-1-dedeckeh@gmail.com>
Subject: [OpenWrt-Devel] [PATCH 3/4][ubus] ubusd_acl: event listen access list support

Adds event listen access list support in ubus via the "listen" keyword

Example of a json file:

{
    "user": "superuser",
    "listen": [ "network.*" ],
}

Signed-off-by: Koen Dergent
Signed-off-by: Hans Dedecker
---
 ubusd_acl.c   | 20 ++++++++++++++++++++
 ubusd_acl.h   |  1 +
 ubusd_event.c |  3 +++
 3 files changed, 24 insertions(+)

diff --git a/ubusd_acl.c b/ubusd_acl.c index fc11993..992d0ea 100644 --- a/ubusd_acl.c +++ b/ubusd_acl.c @@ -51,6 +51,7 @@ struct ubusd_acl_obj { struct blob_attr *priv; bool subscribe; bool publish; + bool listen; }; struct ubusd_acl_file { @@ -132,6 +133,11 @@ ubusd_acl_check(struct ubus_client *cl, const char *obj, return 0; break; + case UBUS_ACL_LISTEN: + if (acl->listen) + return 0; + break; + case UBUS_ACL_ACCESS: if (acl->methods) { struct blob_attr *cur; @@ -279,6 +285,13 @@ ubusd_acl_add_publish(struct ubusd_acl_file *file, const char *obj) o->publish = true; } +static void ubusd_acl_add_listen(struct ubusd_acl_file *file, const char *obj) +{ + struct ubusd_acl_obj *o = ubusd_acl_alloc_obj(file, obj); + + o->listen = true; +} + enum { ACL_USER, ACL_GROUP, @@ -286,6 +299,7 @@ enum { ACL_PUBLISH, ACL_SUBSCRIBE, ACL_INHERIT, + ACL_LISTEN, __ACL_MAX }; @@ -296,6 +310,7 @@ static const struct blobmsg_policy acl_policy[__ACL_MAX] = { [ACL_PUBLISH] = { .name = "publish", .type = BLOBMSG_TYPE_ARRAY }, [ACL_SUBSCRIBE] = { .name = "subscribe", .type = BLOBMSG_TYPE_ARRAY }, [ACL_INHERIT] = { .name = "inherit", .type = BLOBMSG_TYPE_ARRAY }, + [ACL_LISTEN] = { .name= "listen", .type = BLOBMSG_TYPE_ARRAY }, }; static void @@ -327,6 +342,11 @@ ubusd_acl_file_add(struct ubusd_acl_file *file) blobmsg_for_each_attr(cur, tb[ACL_PUBLISH], rem) if (blobmsg_type(cur) == BLOBMSG_TYPE_STRING) ubusd_acl_add_publish(file, blobmsg_get_string(cur)); + + if (tb[ACL_LISTEN]) + blobmsg_for_each_attr(cur, tb[ACL_LISTEN], rem) + if (blobmsg_type(cur) == BLOBMSG_TYPE_STRING) + ubusd_acl_add_listen(file, blobmsg_get_string(cur)); } static void diff --git a/ubusd_acl.h b/ubusd_acl.h index c5dfd8a..a6a6a30 100644 --- a/ubusd_acl.h +++ b/ubusd_acl.h @@ -18,6 +18,7 @@ enum ubusd_acl_type { UBUS_ACL_PUBLISH, UBUS_ACL_SUBSCRIBE, UBUS_ACL_ACCESS, + UBUS_ACL_LISTEN, }; int ubusd_acl_check(struct ubus_client *cl, const char *obj, const char *method, enum ubusd_acl_type type); 
diff --git a/ubusd_event.c b/ubusd_event.c index f07f826..6e612a1 100644 --- a/ubusd_event.c +++ b/ubusd_event.c 
@@ -88,6 +88,9 @@ static int ubusd_alloc_event_pattern(struct ubus_client *cl, struct blob_attr *m len--; } + if (pattern[0] && ubusd_acl_check(cl, pattern, NULL, UBUS_ACL_LISTEN)) + return UBUS_STATUS_PERMISSION_DENIED; + ev = calloc(1, sizeof(*ev) + len + 1); if (!ev) return UBUS_STATUS_NO_DATA;
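
Review bot: in the ubusd_event.c hunk, `pattern[0] && ubusd_acl_check(...)` skips the listen ACL entirely for an empty pattern, so a client registering with an empty pattern is never checked against UBUS_ACL_LISTEN; if an empty pattern is meant to match every event, that is the registration most in need of the check, so either drop the `pattern[0] &&` guard (a "*" listen entry would still grant it under the matching from patch 2/4) or document why it is exempt. Minor: the new acl_policy entry is written `.name= "listen"` while the entries around it use `.name = `.
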
From: Hans Dedecker
To: openwrt-devel@lists.openwrt.org
Cc: Hans Dedecker, john@phrozen.org, Koen Dergent, nbd@nbd.name
Date: Wed, 3 Oct 2018 15:36:18 +0200
Message-Id: <20181003133618.8371-4-dedeckeh@gmail.com>
In-Reply-To: <20181003133618.8371-1-dedeckeh@gmail.com>
References: <20181003133618.8371-1-dedeckeh@gmail.com>
Subject: [OpenWrt-Devel] [PATCH 4/4][ubus] ubusd_acl: event send access list support

Adds event send access list support in ubus via the "send" keyword.

Example of a json file:
{
    "user": "superuser",
    "send": [ "wireless.*" ],
}

Signed-off-by: Koen Dergent
Signed-off-by: Hans Dedecker
---
 ubusd_acl.c   | 20 ++++++++++++++++++++
 ubusd_acl.h   |  1 +
 ubusd_event.c |  3 +++
 3 files changed, 24 insertions(+)
diff --git a/ubusd_acl.c b/ubusd_acl.c index 992d0ea..6257f81 100644 --- a/ubusd_acl.c +++ b/ubusd_acl.c @@ -52,6 +52,7 @@ struct ubusd_acl_obj { bool subscribe; bool publish; bool listen; + bool send; }; struct ubusd_acl_file { @@ -138,6 +139,11 @@ ubusd_acl_check(struct ubus_client *cl, const char *obj, return 0; break; + case UBUS_ACL_SEND: + if (acl->send) + return 0; + break; + case UBUS_ACL_ACCESS: if (acl->methods) { struct blob_attr *cur; @@ -292,6 +298,13 @@ static void ubusd_acl_add_listen(struct ubusd_acl_file *file, const char *obj) o->listen = true; } +static void ubusd_acl_add_send(struct ubusd_acl_file *file, const char *obj) +{ + struct ubusd_acl_obj *o = ubusd_acl_alloc_obj(file, obj); + + o->send = true; +} + enum { ACL_USER, ACL_GROUP, @@ -300,6 +313,7 @@ enum { ACL_SUBSCRIBE, ACL_INHERIT, ACL_LISTEN, + ACL_SEND, __ACL_MAX }; @@ -311,6 +325,7 @@ static const struct blobmsg_policy acl_policy[__ACL_MAX] = { [ACL_SUBSCRIBE] = { .name = "subscribe", .type = BLOBMSG_TYPE_ARRAY }, [ACL_INHERIT] = { .name = "inherit", .type = BLOBMSG_TYPE_ARRAY }, [ACL_LISTEN] = { .name= "listen", .type = BLOBMSG_TYPE_ARRAY }, + [ACL_SEND] = { .name= "send", .type = BLOBMSG_TYPE_ARRAY }, }; static void @@ -347,6 +362,11 @@ ubusd_acl_file_add(struct ubusd_acl_file *file) blobmsg_for_each_attr(cur, tb[ACL_LISTEN], rem) if (blobmsg_type(cur) == BLOBMSG_TYPE_STRING) ubusd_acl_add_listen(file, blobmsg_get_string(cur)); + + if (tb[ACL_SEND]) + blobmsg_for_each_attr(cur, tb[ACL_SEND], rem) + if (blobmsg_type(cur) == BLOBMSG_TYPE_STRING) + ubusd_acl_add_send(file, blobmsg_get_string(cur)); } static void diff --git a/ubusd_acl.h b/ubusd_acl.h index a6a6a30..11c8117 100644 --- a/ubusd_acl.h +++ b/ubusd_acl.h @@ -19,6 +19,7 @@ enum ubusd_acl_type { UBUS_ACL_SUBSCRIBE, UBUS_ACL_ACCESS, UBUS_ACL_LISTEN, + UBUS_ACL_SEND, }; int ubusd_acl_check(struct ubus_client *cl, const char *obj, const char *method, enum ubusd_acl_type type); 
diff --git a/ubusd_event.c b/ubusd_event.c index 6e612a1..712e704 100644 --- a/ubusd_event.c +++ b/ubusd_event.c @@ -142,6 +142,9 @@ int ubusd_send_event(struct ubus_client *cl, const char *id, struct event_source *ev; int match_len = 0; + if (ubusd_acl_check(cl, id, NULL, UBUS_ACL_SEND)) + return UBUS_STATUS_PERMISSION_DENIED; + obj_event_seq++; /*
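Review bot: in ubusd_acl_add_send() (ubusd_acl.c, hunk @@ -292,6 +298,13 @@) the pointer returned by ubusd_acl_alloc_obj() is dereferenced without a check in `o->send = true;`. If ubusd_acl_alloc_obj() can return NULL on allocation failure, loading an ACL file that carries a "send" entry would crash ubusd. Either guard it with `if (o) o->send = true;` or say in a comment that the helper cannot fail. The context line `o->listen = true;` suggests the listen helper has the same shape, so a follow-up could cover both.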
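Review bot: in ubusd_acl_file_add() (ubusd_acl.c, hunk @@ -347,6 +362,11 @@) entries of the "send" array that are not strings are skipped silently by `if (blobmsg_type(cur) == BLOBMSG_TYPE_STRING)`. Together with the deny added in ubusd_send_event() this fails closed, which is the safe direction, but an administrator who writes a malformed entry gets no hint why event sends are refused. A log message for skipped entries would make that diagnosable. The unbraced if/for/if nesting matches the listen block just above it, so the style is consistent with the file.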
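Review bot: the check added at the top of ubusd_send_event() (ubusd_event.c, hunk @@ -142,6 +142,9 @@) turns event sending into deny-by-default, and neither the commit message nor the code says so. The UBUS_ACL_SEND case added to ubusd_acl_check() returns 0 only when a matching entry has `send` set, and ACL files written before this patch have no "send" array. Unless ubusd_acl_check() has an earlier allow path that is not visible in these hunks, clients governed by such files will start receiving UBUS_STATUS_PERMISSION_DENIED for events they could send before. Please state the behaviour change and the affected clients in the commit message, and document the "send" keyword alongside "listen". Placing the check before `obj_event_seq++;` is right, since a refused send then does not consume a sequence number.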