| Message ID | 20201023005827.16234-1-ansuelsmth@gmail.com |
|---|---|
| State | Superseded |
| Headers | show |
| Series | [ubus] ubusd_acl: add support for wildcard in methods | expand |
Ignore... pls I will resend Il giorno ven 23 ott 2020 alle ore 02:58 Ansuel Smith <ansuelsmth@gmail.com> ha scritto: > > Add support for wildcard in methods to permiss access to all methods > defined by the object. This can be usefull for process that run as > non-root user and needs to access ubus method. > > Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com> > --- > ...-add-support-for-wildcard-in-methods.patch | 37 +++++++++++++++++++ > ubusd_acl.c | 8 +++- > 2 files changed, 43 insertions(+), 2 deletions(-) > create mode 100644 0001-ubusd_acl-add-support-for-wildcard-in-methods.patch > > diff --git a/0001-ubusd_acl-add-support-for-wildcard-in-methods.patch b/0001-ubusd_acl-add-support-for-wildcard-in-methods.patch > new file mode 100644 > index 0000000..48dff5d > --- /dev/null > +++ b/0001-ubusd_acl-add-support-for-wildcard-in-methods.patch > @@ -0,0 +1,37 @@ > +From a1a5e03e652ac22851c58c68639d7d79ce5fc9ce Mon Sep 17 00:00:00 2001 > +From: Ansuel Smith <ansuelsmth@gmail.com> > +Date: Fri, 23 Oct 2020 02:50:12 +0200 > +Subject: [PATCH ubus] ubusd_acl: add support for wildcard in methods > + > +Add support for wildcard in methods to permiss access to all methods > +defined by the object. This can be usefull for process that run as > +non-root user and needs to access ubus method. > + > +Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com> > +--- > + ubusd_acl.c | 5 ++++- > + 1 file changed, 4 insertions(+), 1 deletion(-) > + > +diff --git a/ubusd_acl.c b/ubusd_acl.c > +index e426a4a..734b3d0 100644 > +--- a/ubusd_acl.c > ++++ b/ubusd_acl.c > +@@ -147,11 +147,14 @@ ubusd_acl_check(struct ubus_client *cl, const char *obj, > + case UBUS_ACL_ACCESS: > + if (acl->methods) { > + struct blob_attr *cur; > ++ char *cur_method; > + size_t rem; > + > + blobmsg_for_each_attr(cur, acl->methods, rem) > + if (blobmsg_type(cur) == BLOBMSG_TYPE_STRING) > +- if (!strcmp(method, blobmsg_get_string(cur))) > ++ cur_method = blobmsg_get_string(cur); > ++ > ++ if (!strcmp(method, cur_method) || !strcmp("*", cur_method)) > + return 0; > + } > + break; > +-- > +2.27.0 > + > diff --git a/ubusd_acl.c b/ubusd_acl.c > index e426a4a..e050e2c 100644 > --- a/ubusd_acl.c > +++ b/ubusd_acl.c > @@ -147,12 +147,16 @@ ubusd_acl_check(struct ubus_client *cl, const char *obj, > case UBUS_ACL_ACCESS: > if (acl->methods) { > struct blob_attr *cur; > + char *cur_method; > size_t rem; > > blobmsg_for_each_attr(cur, acl->methods, rem) > - if (blobmsg_type(cur) == BLOBMSG_TYPE_STRING) > - if (!strcmp(method, blobmsg_get_string(cur))) > + if (blobmsg_type(cur) == BLOBMSG_TYPE_STRING) { > + cur_method = blobmsg_get_string(cur); > + > + if (!strcmp(method, cur_method) || !strcmp("*", cur_method)) > return 0; > + } > } > break; > } > -- > 2.27.0 >
diff --git a/0001-ubusd_acl-add-support-for-wildcard-in-methods.patch b/0001-ubusd_acl-add-support-for-wildcard-in-methods.patch new file mode 100644 index 0000000..48dff5d --- /dev/null +++ b/0001-ubusd_acl-add-support-for-wildcard-in-methods.patch @@ -0,0 +1,37 @@ +From a1a5e03e652ac22851c58c68639d7d79ce5fc9ce Mon Sep 17 00:00:00 2001 +From: Ansuel Smith <ansuelsmth@gmail.com> +Date: Fri, 23 Oct 2020 02:50:12 +0200 +Subject: [PATCH ubus] ubusd_acl: add support for wildcard in methods + +Add support for wildcard in methods to permiss access to all methods +defined by the object. This can be usefull for process that run as +non-root user and needs to access ubus method. + +Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com> +--- + ubusd_acl.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/ubusd_acl.c b/ubusd_acl.c +index e426a4a..734b3d0 100644 +--- a/ubusd_acl.c ++++ b/ubusd_acl.c +@@ -147,11 +147,14 @@ ubusd_acl_check(struct ubus_client *cl, const char *obj, + case UBUS_ACL_ACCESS: + if (acl->methods) { + struct blob_attr *cur; ++ char *cur_method; + size_t rem; + + blobmsg_for_each_attr(cur, acl->methods, rem) + if (blobmsg_type(cur) == BLOBMSG_TYPE_STRING) +- if (!strcmp(method, blobmsg_get_string(cur))) ++ cur_method = blobmsg_get_string(cur); ++ ++ if (!strcmp(method, cur_method) || !strcmp("*", cur_method)) + return 0; + } + break; +-- +2.27.0 + diff --git a/ubusd_acl.c b/ubusd_acl.c index e426a4a..e050e2c 100644 --- a/ubusd_acl.c +++ b/ubusd_acl.c @@ -147,12 +147,16 @@ ubusd_acl_check(struct ubus_client *cl, const char *obj, case UBUS_ACL_ACCESS: if (acl->methods) { struct blob_attr *cur; + char *cur_method; size_t rem; blobmsg_for_each_attr(cur, acl->methods, rem) - if (blobmsg_type(cur) == BLOBMSG_TYPE_STRING) - if (!strcmp(method, blobmsg_get_string(cur))) + if (blobmsg_type(cur) == BLOBMSG_TYPE_STRING) { + cur_method = blobmsg_get_string(cur); + + if (!strcmp(method, cur_method) || !strcmp("*", cur_method)) return 0; + } } break; }
Add support for wildcard in methods to permiss access to all methods defined by the object. This can be usefull for process that run as non-root user and needs to access ubus method. Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com> --- ...-add-support-for-wildcard-in-methods.patch | 37 +++++++++++++++++++ ubusd_acl.c | 8 +++- 2 files changed, 43 insertions(+), 2 deletions(-) create mode 100644 0001-ubusd_acl-add-support-for-wildcard-in-methods.patch