X-Git-Url: http://git.archive.openwrt.org/?p=project%2Frpcd.git;a=blobdiff_plain;f=session.c;h=951201bf00f592cb43b30298cb7507278438e307;hp=3cac6d95da48802c3cd8243f6c7ef4809bb2056a;hb=fb6e4604fb689d1918db3804a766b865cfaacbef;hpb=296c9d9ceb421bbf2a5c1b7c2e4d8167845fec93
diff --git a/session.c b/session.c
index 3cac6d9..951201b 100644
--- a/session.c
+++ b/session.c
@@ -2,7 +2,7 @@
 * rpcd - UBUS RPC server
 *
 * Copyright (C) 2013 Felix Fietkau
- * Copyright (C) 2013 Jo-Philipp Wich
+ * Copyright (C) 2013-2014 Jo-Philipp Wich
 *
 * Permission to use, copy, modify, and/or distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
@@ -26,6 +26,7 @@
 #include
 #include
 #include
+#include
 #ifdef HAVE_SHADOW
 #include
@@ -39,12 +40,20 @@ static struct blob_buf buf;
 static LIST_HEAD(create_callbacks);
 static LIST_HEAD(destroy_callbacks);
-static const struct blobmsg_policy new_policy = {
- .name = "timeout", .type = BLOBMSG_TYPE_INT32
+enum {
+ RPC_SN_TIMEOUT,
+ __RPC_SN_MAX,
+};
+static const struct blobmsg_policy new_policy[__RPC_SN_MAX] = {
+ [RPC_SN_TIMEOUT] = { .name = "timeout", .type = BLOBMSG_TYPE_INT32 },
 };
-static const struct blobmsg_policy sid_policy = {
- .name = "sid", .type = BLOBMSG_TYPE_STRING
+enum {
+ RPC_SI_SID,
+ __RPC_SI_MAX,
+};
+static const struct blobmsg_policy sid_policy[__RPC_SI_MAX] = {
+ [RPC_SI_SID] = { .name = "ubus_rpc_session", .type = BLOBMSG_TYPE_STRING },
 };
 enum {
@@ -53,7 +62,7 @@ enum {
 __RPC_SS_MAX,
 };
 static const struct blobmsg_policy set_policy[__RPC_SS_MAX] = {
- [RPC_SS_SID] = { .name = "sid", .type = BLOBMSG_TYPE_STRING },
+ [RPC_SS_SID] = { .name = "ubus_rpc_session", .type = BLOBMSG_TYPE_STRING },
 [RPC_SS_VALUES] = { .name = "values", .type = BLOBMSG_TYPE_TABLE },
 };
@@ -63,7 +72,7 @@ enum {
 __RPC_SG_MAX,
 };
 static const struct blobmsg_policy get_policy[__RPC_SG_MAX] = {
- [RPC_SG_SID] = { .name = "sid", .type = BLOBMSG_TYPE_STRING },
+ [RPC_SG_SID] = { .name = "ubus_rpc_session", .type = BLOBMSG_TYPE_STRING },
 [RPC_SG_KEYS] = { .name = "keys", .type = BLOBMSG_TYPE_ARRAY },
 };
@@ -74,7 +83,7 @@ enum {
 __RPC_SA_MAX,
 };
 static const struct blobmsg_policy acl_policy[__RPC_SA_MAX] = {
- [RPC_SA_SID] = { .name = "sid", .type = BLOBMSG_TYPE_STRING },
+ [RPC_SA_SID] = { .name = "ubus_rpc_session", .type = BLOBMSG_TYPE_STRING },
 [RPC_SA_SCOPE] = { .name = "scope", .type = BLOBMSG_TYPE_STRING },
 [RPC_SA_OBJECTS] = { .name = "objects", .type = BLOBMSG_TYPE_ARRAY },
 };
@@ -87,7 +96,7 @@ enum {
 __RPC_SP_MAX,
 };
 static const struct blobmsg_policy perm_policy[__RPC_SP_MAX] = {
- [RPC_SP_SID] = { .name = "sid", .type = BLOBMSG_TYPE_STRING },
+ [RPC_SP_SID] = { .name = "ubus_rpc_session", .type = BLOBMSG_TYPE_STRING },
 [RPC_SP_SCOPE] = { .name = "scope", .type = BLOBMSG_TYPE_STRING },
 [RPC_SP_OBJECT] = { .name = "object", .type = BLOBMSG_TYPE_STRING },
 [RPC_SP_FUNCTION] = { .name = "function", .type = BLOBMSG_TYPE_STRING },
@@ -101,7 +110,7 @@ enum {
 __RPC_DUMP_MAX,
 };
 static const struct blobmsg_policy dump_policy[__RPC_DUMP_MAX] = {
- [RPC_DUMP_SID] = { .name = "sid", .type = BLOBMSG_TYPE_STRING },
+ [RPC_DUMP_SID] = { .name = "ubus_rpc_session", .type = BLOBMSG_TYPE_STRING },
 [RPC_DUMP_TIMEOUT] = { .name = "timeout", .type = BLOBMSG_TYPE_INT32 },
 [RPC_DUMP_EXPIRES] = { .name = "expires", .type = BLOBMSG_TYPE_INT32 },
 [RPC_DUMP_DATA] = { .name = "data", .type = BLOBMSG_TYPE_TABLE },
@@ -137,22 +146,28 @@ static const struct blobmsg_policy login_policy[__RPC_L_MAX] = {
 !fnmatch((_acl)->object, (_obj), FNM_NOESCAPE) && \
 !fnmatch((_acl)->function, (_func), FNM_NOESCAPE))
-static void
+static int
 rpc_random(char *dest)
 {
 unsigned char buf[16] = { 0 };
 FILE *f;
 int i;
+ int ret;
 f = fopen("/dev/urandom", "r");
 if (!f)
- return;
+ return -1;
- fread(buf, 1, sizeof(buf), f);
+ ret = fread(buf, 1, sizeof(buf), f);
 fclose(f);
+ if (ret < 0)
+ return ret;
+
 for (i = 0; i < sizeof(buf); i++)
 sprintf(dest + (i<<1), "%02x", buf[i]);
+
+ return 0;
 }
 static void
@@ -209,7 +224,7 @@ rpc_session_to_blob(struct rpc_session *ses, bool acls)
 blob_buf_init(&buf, 0);
- blobmsg_add_string(&buf, "sid", ses->id);
+ blobmsg_add_string(&buf, "ubus_rpc_session", ses->id);
 blobmsg_add_u32(&buf, "timeout", ses->timeout);
 blobmsg_add_u32(&buf, "expires", uloop_timeout_remaining(&ses->t) / 1000);
@@ -307,7 +322,8 @@ rpc_session_create(int timeout)
 if (!ses)
 return NULL;
- rpc_random(ses->id);
+ if (rpc_random(ses->id))
+ return NULL;
 ses->timeout = timeout;
@@ -343,7 +359,7 @@ rpc_handle_create(struct ubus_context *ctx, struct ubus_object *obj,
 struct blob_attr *tb;
 int timeout = RPC_DEFAULT_SESSION_TIMEOUT;
- blobmsg_parse(&new_policy, 1, &tb, blob_data(msg), blob_len(msg));
+ blobmsg_parse(new_policy, __RPC_SN_MAX, &tb, blob_data(msg), blob_len(msg));
 if (tb)
 timeout = blobmsg_get_u32(tb);
@@ -362,7 +378,7 @@ rpc_handle_list(struct ubus_context *ctx, struct ubus_object *obj,
 struct rpc_session *ses;
 struct blob_attr *tb;
- blobmsg_parse(&sid_policy, 1, &tb, blob_data(msg), blob_len(msg));
+ blobmsg_parse(sid_policy, __RPC_SI_MAX, &tb, blob_data(msg), blob_len(msg));
 if (!tb) {
 avl_for_each_element(&sessions, ses, avl)
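Review bot: The added `if (ret < 0)` check in rpc_random() can never fire, because fread() returns a size_t item count and reports failure as a short count, never as a negative value. A short or empty read from /dev/urandom therefore still returns 0, and the hex loop formats whatever remains in the zero-initialised `buf`, so a session id could end up partly or wholly zeros. Compare against the requested length instead: `size_t n = fread(buf, 1, sizeof(buf), f);` followed by `if (n != sizeof(buf)) return -1;`.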
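Review bot: The new early return in rpc_session_create() abandons `ses` without releasing it; the `if (!ses) return NULL;` context directly above suggests the structure was allocated a few lines earlier, outside this hunk. If that is the case, every rpc_random() failure leaks one session structure in a long-running daemon. Something like `if (rpc_random(ses->id)) { free(ses); return NULL; }` would close it, adjusted to whichever allocator the function actually uses.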
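Review bot: In rpc_handle_create() the parse call now passes `__RPC_SN_MAX` as the policy length but still stores the result through `&tb`, the address of a single pointer. That is in bounds only while the enum has exactly one entry; a second field added to new_policy would make blobmsg_parse() write past `tb` on the stack. Declaring `struct blob_attr *tb[__RPC_SN_MAX];` and reading `tb[RPC_SN_TIMEOUT]` ties the buffer size to the count. The same pattern is in rpc_handle_list() in the next hunk and in rpc_handle_destroy() further down, both with `__RPC_SI_MAX`; all three functions extend beyond their hunks.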
@@ -526,14 +542,14 @@ rpc_handle_acl(struct ubus_context *ctx, struct ubus_object *obj,
 return cb(ses, scope, NULL, NULL);
 blobmsg_for_each_attr(attr, tb[RPC_SA_OBJECTS], rem1) {
- if (blob_id(attr) != BLOBMSG_TYPE_ARRAY)
+ if (blobmsg_type(attr) != BLOBMSG_TYPE_ARRAY)
 continue;
 object = NULL;
 function = NULL;
 blobmsg_for_each_attr(sattr, attr, rem2) {
- if (blob_id(sattr) != BLOBMSG_TYPE_STRING)
+ if (blobmsg_type(sattr) != BLOBMSG_TYPE_STRING)
 continue;
 if (!object)
@@ -580,22 +596,31 @@ rpc_handle_access(struct ubus_context *ctx, struct ubus_object *obj,
 blobmsg_parse(perm_policy, __RPC_SP_MAX, tb, blob_data(msg), blob_len(msg));
- if (!tb[RPC_SP_SID] || !tb[RPC_SP_OBJECT] || !tb[RPC_SP_FUNCTION])
+ if (!tb[RPC_SP_SID])
 return UBUS_STATUS_INVALID_ARGUMENT;
 ses = rpc_session_get(blobmsg_data(tb[RPC_SP_SID]));
 if (!ses)
 return UBUS_STATUS_NOT_FOUND;
- if (tb[RPC_SP_SCOPE])
- scope = blobmsg_data(tb[RPC_SP_SCOPE]);
+ blob_buf_init(&buf, 0);
- allow = rpc_session_acl_allowed(ses, scope,
- blobmsg_data(tb[RPC_SP_OBJECT]),
- blobmsg_data(tb[RPC_SP_FUNCTION]));
+ if (tb[RPC_SP_OBJECT] && tb[RPC_SP_FUNCTION])
+ {
+ if (tb[RPC_SP_SCOPE])
+ scope = blobmsg_data(tb[RPC_SP_SCOPE]);
+
+ allow = rpc_session_acl_allowed(ses, scope,
+ blobmsg_data(tb[RPC_SP_OBJECT]),
+ blobmsg_data(tb[RPC_SP_FUNCTION]));
+
+ blobmsg_add_u8(&buf, "access", allow);
+ }
+ else
+ {
+ rpc_session_dump_acls(ses, &buf);
+ }
- blob_buf_init(&buf, 0);
- blobmsg_add_u8(&buf, "access", allow);
 ubus_send_reply(ctx, req, buf.head);
 return 0;
@@ -676,7 +701,7 @@ rpc_handle_get(struct ubus_context *ctx, struct ubus_object *obj,
 if (tb[RPC_SG_KEYS])
 blobmsg_for_each_attr(attr, tb[RPC_SG_KEYS], rem) {
- if (blob_id(attr) != BLOBMSG_TYPE_STRING)
+ if (blobmsg_type(attr) != BLOBMSG_TYPE_STRING)
 continue;
 data = avl_find_element(&ses->data, blobmsg_data(attr), data, avl);
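Review bot: The relaxed argument check in rpc_handle_access() turns a request that supplies only one of `object` and `function` into a full ACL dump instead of an error. A caller that omits or mistypes one field receives a reply without the `access` key and may misread it as an answer to its permission query. Rejecting the half-specified case keeps the two modes distinct, for example `if (!tb[RPC_SP_OBJECT] != !tb[RPC_SP_FUNCTION]) return UBUS_STATUS_INVALID_ARGUMENT;` placed before `blob_buf_init(&buf, 0);`. The function begins and ends outside this hunk.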
@@ -724,7 +749,7 @@ rpc_handle_unset(struct ubus_context *ctx, struct ubus_object *obj,
 }
 blobmsg_for_each_attr(attr, tb[RPC_SG_KEYS], rem) {
- if (blob_id(attr) != BLOBMSG_TYPE_STRING)
+ if (blobmsg_type(attr) != BLOBMSG_TYPE_STRING)
 continue;
 data = avl_find_element(&ses->data, blobmsg_data(attr), data, avl);
@@ -746,7 +771,7 @@ rpc_handle_destroy(struct ubus_context *ctx, struct ubus_object *obj,
 struct rpc_session *ses;
 struct blob_attr *tb;
- blobmsg_parse(&sid_policy, 1, &tb, blob_data(msg), blob_len(msg));
+ blobmsg_parse(sid_policy, __RPC_SI_MAX, &tb, blob_data(msg), blob_len(msg));
 if (!tb)
 return UBUS_STATUS_INVALID_ARGUMENT;
@@ -936,13 +961,13 @@ rpc_login_setup_acl_scope(struct rpc_session *ses,
 * ]
 * }
 */
- if (blob_id(acl_scope) == BLOBMSG_TYPE_TABLE) {
+ if (blobmsg_type(acl_scope) == BLOBMSG_TYPE_TABLE) {
 blobmsg_for_each_attr(acl_obj, acl_scope, rem) {
- if (blob_id(acl_obj) != BLOBMSG_TYPE_ARRAY)
+ if (blobmsg_type(acl_obj) != BLOBMSG_TYPE_ARRAY)
 continue;
 blobmsg_for_each_attr(acl_func, acl_obj, rem2) {
- if (blob_id(acl_func) != BLOBMSG_TYPE_STRING)
+ if (blobmsg_type(acl_func) != BLOBMSG_TYPE_STRING)
 continue;
 rpc_session_grant(ses, blobmsg_name(acl_scope),
@@ -962,9 +987,9 @@ rpc_login_setup_acl_scope(struct rpc_session *ses,
 * ...
 * ]
 */
- else if (blob_id(acl_scope) == BLOBMSG_TYPE_ARRAY) {
+ else if (blobmsg_type(acl_scope) == BLOBMSG_TYPE_ARRAY) {
 blobmsg_for_each_attr(acl_obj, acl_scope, rem) {
- if (blob_id(acl_obj) != BLOBMSG_TYPE_STRING)
+ if (blobmsg_type(acl_obj) != BLOBMSG_TYPE_STRING)
 continue;
 rpc_session_grant(ses, blobmsg_name(acl_scope),
@@ -993,7 +1018,7 @@ rpc_login_setup_acl_file(struct rpc_session *ses, struct uci_section *login,
 blob_for_each_attr(acl_group, acl.head, rem) {
 /* Iterate permission objects in each access group object */
 blobmsg_for_each_attr(acl_perm, acl_group, rem2) {
- if (blob_id(acl_perm) != BLOBMSG_TYPE_TABLE)
+ if (blobmsg_type(acl_perm) != BLOBMSG_TYPE_TABLE)
 continue;
 /* Only "read" and "write" permissions are defined */
@@ -1188,6 +1213,8 @@ rpc_blob_from_file(const char *path)
 if (len != blob_pad_len(&head))
 goto fail;
+ close(fd);
+
 return attr;
 fail:
@@ -1250,15 +1277,15 @@ int rpc_session_api_init(struct ubus_context *ctx)
 struct rpc_session *ses;
 static const struct ubus_method session_methods[] = {
- UBUS_METHOD("create", rpc_handle_create, &new_policy),
- UBUS_METHOD("list", rpc_handle_list, &sid_policy),
+ UBUS_METHOD("create", rpc_handle_create, new_policy),
+ UBUS_METHOD("list", rpc_handle_list, sid_policy),
 UBUS_METHOD("grant", rpc_handle_acl, acl_policy),
 UBUS_METHOD("revoke", rpc_handle_acl, acl_policy),
 UBUS_METHOD("access", rpc_handle_access, perm_policy),
 UBUS_METHOD("set", rpc_handle_set, set_policy),
 UBUS_METHOD("get", rpc_handle_get, get_policy),
 UBUS_METHOD("unset", rpc_handle_unset, get_policy),
- UBUS_METHOD("destroy", rpc_handle_destroy, &sid_policy),
+ UBUS_METHOD("destroy", rpc_handle_destroy, sid_policy),
 UBUS_METHOD("login", rpc_handle_login, login_policy),
 };