Ubus
OpenWrt system message/RPC bus.
Enumerations | Functions
ubusd_acl.h File Reference

Go to the source code of this file.

Enumerations

enum  ubusd_acl_type {
  UBUS_ACL_PUBLISH , UBUS_ACL_SUBSCRIBE , UBUS_ACL_ACCESS , UBUS_ACL_LISTEN ,
  UBUS_ACL_SEND
}
 

Functions

int ubusd_acl_check (struct ubus_client *cl, const char *obj, const char *method, enum ubusd_acl_type type)
 
int ubusd_acl_init_client (struct ubus_client *cl, int fd)
 
void ubusd_acl_free_client (struct ubus_client *cl)
 
void ubusd_acl_load (void)
 

Enumeration Type Documentation

◆ ubusd_acl_type

enum ubusd_acl_type
Enumerator
UBUS_ACL_PUBLISH 
UBUS_ACL_SUBSCRIBE 
UBUS_ACL_ACCESS 
UBUS_ACL_LISTEN 
UBUS_ACL_SEND 

Definition at line 17 of file ubusd_acl.h.

17  {
18  UBUS_ACL_PUBLISH,
19  UBUS_ACL_SUBSCRIBE,
20  UBUS_ACL_ACCESS,
21  UBUS_ACL_LISTEN,
22  UBUS_ACL_SEND,
23 };
UBUS_ACL_PUBLISH
@ UBUS_ACL_PUBLISH
Definition: ubusd_acl.h:18
UBUS_ACL_SEND
@ UBUS_ACL_SEND
Definition: ubusd_acl.h:22
UBUS_ACL_ACCESS
@ UBUS_ACL_ACCESS
Definition: ubusd_acl.h:20
UBUS_ACL_LISTEN
@ UBUS_ACL_LISTEN
Definition: ubusd_acl.h:21
UBUS_ACL_SUBSCRIBE
@ UBUS_ACL_SUBSCRIBE
Definition: ubusd_acl.h:19

Function Documentation

◆ ubusd_acl_check()

int ubusd_acl_check ( struct ubus_client cl,
const char *  obj,
const char *  method,
enum ubusd_acl_type  type 
)

Definition at line 90 of file ubusd_acl.c.

92 {
93  struct ubusd_acl_obj *acl;
94  int match_len = 0;
95 
96  if (!cl || !cl->uid || !obj)
97  return 0;
98 
99  /*
100  * Since this tree is sorted alphabetically, we can only expect
101  * to find matching entries as long as the number of matching
102  * characters between the access list string and the object path
103  * is monotonically increasing.
104  */
105  avl_for_each_element(&ubusd_acls, acl, avl) {
106  const char *key = acl->avl.key;
107  int cur_match_len;
108  bool full_match;
109 
110  full_match = ubus_strmatch_len(obj, key, &cur_match_len);
111  if (cur_match_len < match_len)
112  break;
113 
114  match_len = cur_match_len;
115 
116  if (!full_match) {
117  if (!acl->partial)
118  continue;
119 
120  if (match_len != (int) strlen(key))
121  continue;
122  }
123 
124  if (ubusd_acl_match_cred(cl, acl))
125  continue;
126 
127  switch (type) {
128  case UBUS_ACL_PUBLISH:
129  if (acl->publish)
130  return 0;
131  break;
132 
133  case UBUS_ACL_SUBSCRIBE:
134  if (acl->subscribe)
135  return 0;
136  break;
137 
138  case UBUS_ACL_LISTEN:
139  if (acl->listen)
140  return 0;
141  break;
142 
143  case UBUS_ACL_SEND:
144  if (acl->send)
145  return 0;
146  break;
147 
148  case UBUS_ACL_ACCESS:
149  if (acl->methods) {
150  struct blob_attr *cur;
151  char *cur_method;
152  size_t rem;
153 
154  blobmsg_for_each_attr(cur, acl->methods, rem)
155  if (blobmsg_type(cur) == BLOBMSG_TYPE_STRING) {
156  cur_method = blobmsg_get_string(cur);
157 
158  if (!strcmp(method, cur_method) || !strcmp("*", cur_method))
159  return 0;
160  }
161  }
162  break;
163  }
164  }
165 
166  return -1;
167 }
ubus_client::uid
uid_t uid
Definition: ubusd.h:55
ubusd_acl_obj
Definition: ubusd_acl.c:41
ubusd_acl_obj::publish
bool publish
Definition: ubusd_acl.c:54
ubusd_acl_obj::subscribe
bool subscribe
Definition: ubusd_acl.c:53
ubusd_acl_obj::avl
struct avl_node avl
Definition: ubusd_acl.c:42
ubusd_acl_obj::send
bool send
Definition: ubusd_acl.c:56
ubusd_acl_obj::methods
struct blob_attr * methods
Definition: ubusd_acl.c:50
ubusd_acl_obj::listen
bool listen
Definition: ubusd_acl.c:55
ubusd_acl_obj::partial
bool partial
Definition: ubusd_acl.c:45
ubus_strmatch_len
static bool ubus_strmatch_len(const char *s1, const char *s2, int *len)
Definition: ubus_common.h:22
ubusd_acls
static struct avl_tree ubusd_acls
Definition: ubusd_acl.c:73
ubusd_acl_match_cred
static int ubusd_acl_match_cred(struct ubus_client *cl, struct ubusd_acl_obj *obj)
Definition: ubusd_acl.c:78
type
uint8_t type
Definition: ubusmsg.h:1
Here is the call graph for this function:
Here is the caller graph for this function:

◆ ubusd_acl_free_client()

void ubusd_acl_free_client ( struct ubus_client cl)

Definition at line 209 of file ubusd_acl.c.

210 {
211  free(cl->group);
212  free(cl->user);
213 }
ubus_client::user
char * user
Definition: ubusd.h:57
ubus_client::group
char * group
Definition: ubusd.h:58
Here is the caller graph for this function:

◆ ubusd_acl_init_client()

int ubusd_acl_init_client ( struct ubus_client cl,
int  fd 
)

Definition at line 170 of file ubusd_acl.c.

171 {
172  struct ucred cred;
173  struct passwd *pwd;
174  struct group *group;
175 
176 #ifdef SO_PEERCRED
177  unsigned int len = sizeof(struct ucred);
178 
179  if (getsockopt(fd, SOL_SOCKET, SO_PEERCRED, &cred, &len) == -1) {
180  ULOG_ERR("Failed getsockopt(): %m\n");
181  return -1;
182  }
183 #else
184  memset(&cred, 0, sizeof(cred));
185 #endif
186 
187  pwd = getpwuid(cred.uid);
188  if (!pwd) {
189  ULOG_ERR("Failed getpwuid(): %m\n");
190  return -1;
191  }
192 
193  group = getgrgid(cred.gid);
194  if (!group) {
195  ULOG_ERR("Failed getgrgid(): %m\n");
196  return -1;
197  }
198 
199  cl->uid = cred.uid;
200  cl->gid = cred.gid;
201 
202  cl->group = strdup(group->gr_name);
203  cl->user = strdup(pwd->pw_name);
204 
205  return 0;
206 }
ubus_client::gid
gid_t gid
Definition: ubusd.h:56
Here is the caller graph for this function:

◆ ubusd_acl_load()

void ubusd_acl_load ( void  )

Definition at line 445 of file ubusd_acl.c.

446 {
447  struct stat st;
448  glob_t gl;
449  size_t j;
450  const char *suffix = "/*.json";
451  char *path = alloca(strlen(ubusd_acl_dir) + strlen(suffix) + 1);
452 
453  sprintf(path, "%s%s", ubusd_acl_dir, suffix);
454  if (glob(path, GLOB_NOESCAPE | GLOB_MARK, NULL, &gl))
455  return;
456 
457  vlist_update(&ubusd_acl_files);
458  for (j = 0; j < gl.gl_pathc; j++) {
459  if (stat(gl.gl_pathv[j], &st) || !S_ISREG(st.st_mode))
460  continue;
461 
462  if (st.st_uid || st.st_gid) {
463  syslog(LOG_ERR, "%s has wrong owner\n", gl.gl_pathv[j]);
464  continue;
465  }
466  if (st.st_mode & (S_IWOTH | S_IWGRP | S_IXOTH)) {
467  syslog(LOG_ERR, "%s has wrong permissions\n", gl.gl_pathv[j]);
468  continue;
469  }
470  ubusd_acl_load_file(gl.gl_pathv[j]);
471  }
472 
473  globfree(&gl);
474  vlist_flush(&ubusd_acl_files);
475  ubusd_acl_seq++;
476  ubusd_send_event(NULL, "ubus.acl.sequence", ubusd_create_sequence_event_msg, NULL);
477 }
ubusd_send_event
int ubusd_send_event(struct ubus_client *cl, const char *id, event_fill_cb fill_cb, void *cb_priv)
Definition: ubusd_event.c:140
ubusd_acl_dir
const char * ubusd_acl_dir
Definition: ubusd_acl.c:71
ubusd_acl_seq
static int ubusd_acl_seq
Definition: ubusd_acl.c:74
ubusd_acl_load_file
static int ubusd_acl_load_file(const char *filename)
Definition: ubusd_acl.c:418
ubusd_create_sequence_event_msg
static struct ubus_msg_buf * ubusd_create_sequence_event_msg(void *priv, const char *id)
Definition: ubusd_acl.c:401
path
struct avl_tree path
Definition: ubusd_obj.c:19
Here is the call graph for this function:
Here is the caller graph for this function: