Message ID | 20201023010155.16357-1-ansuelsmth@gmail.com |
---|---|
State | Accepted |
Delegated to: | Daniel Golle |
Headers | show |
Series | ubusd_acl: add support for wildcard in methods | expand |
On Fri, Oct 23, 2020 at 03:01:55AM +0200, Ansuel Smith wrote: > Add support for wildcard in methods to permiss access to all methods > defined by the object. This can be usefull for process that run as > non-root user and needs to access ubus method. > > Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com> > --- > ubusd_acl.c | 8 ++++++-- > 1 file changed, 6 insertions(+), 2 deletions(-) Applied. Thanks!
On 25/10/2020 15:28, Daniel Golle wrote: > On Fri, Oct 23, 2020 at 03:01:55AM +0200, Ansuel Smith wrote: >> Add support for wildcard in methods to permiss access to all methods >> defined by the object. This can be usefull for process that run as >> non-root user and needs to access ubus method. >> >> Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com> >> --- >> ubusd_acl.c | 8 ++++++-- >> 1 file changed, 6 insertions(+), 2 deletions(-) > > Applied. Thanks! After this gets some testing on master, can we please backport it to 19.07 (and preferably also 18.06) ? As usage of this (welcome!) feature increases, it would cause issues when backporting packages that adopt it, unless we also backport the feature itself...
diff --git a/ubusd_acl.c b/ubusd_acl.c index e426a4a..e050e2c 100644 --- a/ubusd_acl.c +++ b/ubusd_acl.c @@ -147,12 +147,16 @@ ubusd_acl_check(struct ubus_client *cl, const char *obj, case UBUS_ACL_ACCESS: if (acl->methods) { struct blob_attr *cur; + char *cur_method; size_t rem; blobmsg_for_each_attr(cur, acl->methods, rem) - if (blobmsg_type(cur) == BLOBMSG_TYPE_STRING) - if (!strcmp(method, blobmsg_get_string(cur))) + if (blobmsg_type(cur) == BLOBMSG_TYPE_STRING) { + cur_method = blobmsg_get_string(cur); + + if (!strcmp(method, cur_method) || !strcmp("*", cur_method)) return 0; + } } break; }
Add support for wildcard in methods to permiss access to all methods defined by the object. This can be usefull for process that run as non-root user and needs to access ubus method. Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com> --- ubusd_acl.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-)