ubus: move sid into the params array of the json-rpc request to avoid information...

diff --git a/ubus.c b/ubus.c
index 307daaa..8129c20 100644 (file)
--- a/ubus.c
+++ b/ubus.c
@@ -63,6 +63,7 @@ static const struct blobmsg_policy ses_policy[__SES_MAX] = {
 
 struct rpc_data {
        struct blob_attr *id;
+       const char *sid;
        const char *method;
        const char *object;
        const char *function;
@@ -355,10 +356,11 @@ static bool parse_json_rpc(struct rpc_data *d, struct blob_attr *data)
        const struct blobmsg_policy data_policy[] = {
                { .type = BLOBMSG_TYPE_STRING },
                { .type = BLOBMSG_TYPE_STRING },
+               { .type = BLOBMSG_TYPE_STRING },
                { .type = BLOBMSG_TYPE_TABLE },
        };
        struct blob_attr *tb[__RPC_MAX];
-       struct blob_attr *tb2[3];
+       struct blob_attr *tb2[4];
        struct blob_attr *cur;
 
        blobmsg_parse(rpc_policy, __RPC_MAX, tb, blob_data(data), blob_len(data));
@@ -386,12 +388,18 @@ static bool parse_json_rpc(struct rpc_data *d, struct blob_attr *data)
                            blobmsg_data(d->params), blobmsg_data_len(d->params));
 
        if (tb2[0])
-               d->object = blobmsg_data(tb2[0]);
+               d->sid = blobmsg_data(tb2[0]);
+
+       if (conf.ubus_noauth && (!d->sid || !*d->sid))
+               d->sid = UH_UBUS_DEFAULT_SID;
 
        if (tb2[1])
-               d->function = blobmsg_data(tb2[1]);
+               d->object = blobmsg_data(tb2[1]);
+
+       if (tb2[2])
+               d->function = blobmsg_data(tb2[2]);
 
-       d->data = tb2[2];
+       d->data = tb2[3];
 
        return true;
 }
@@ -462,7 +470,7 @@ static void uh_ubus_handle_request_object(struct client *cl, struct json_object
                goto error;
 
        if (!strcmp(data.method, "call")) {
-               if (!data.object || !data.function || !data.data)
+               if (!data.sid || !data.object || !data.function || !data.data)
                        goto error;
 
                du->func = data.function;
@@ -471,7 +479,7 @@ static void uh_ubus_handle_request_object(struct client *cl, struct json_object
                        goto error;
                }
 
-               if (!conf.ubus_noauth && !uh_ubus_allowed(du->sid, data.object, data.function)) {
+               if (!conf.ubus_noauth && !uh_ubus_allowed(data.sid, data.object, data.function)) {
                        err = ERROR_ACCESS;
                        goto error;
                }
@@ -549,27 +557,10 @@ error:
 static void uh_ubus_handle_request(struct client *cl, char *url, struct path_info *pi)
 {
        struct dispatch *d = &cl->dispatch;
-       char *sid, *sep;
 
        blob_buf_init(&buf, 0);
 
-       if (conf.ubus_noauth) {
-               sid = UH_UBUS_DEFAULT_SID;
-       }
-       else {
-               url += strlen(conf.ubus_prefix);
-               while (*url == '/')
-                       url++;
-
-               sep = strchr(url, '/');
-               if (sep)
-                       *sep = 0;
-
-               sid = url;
-       }
-
-       if (strlen(sid) != 32 ||
-           cl->request.method != UH_HTTP_MSG_POST)
+       if (cl->request.method != UH_HTTP_MSG_POST)
                return ops->client_error(cl, 400, "Bad Request", "Invalid Request");
 
        d->close_fds = uh_ubus_close_fds;
@@ -577,7 +568,6 @@ static void uh_ubus_handle_request(struct client *cl, char *url, struct path_inf
        d->data_send = uh_ubus_data_send;
        d->data_done = uh_ubus_data_done;
        d->ubus.jstok = json_tokener_new();
-       d->ubus.sid = sid;
 }
 
 static bool

diff --git a/uhttpd.h b/uhttpd.h
index 0137eef..b289a24 100644 (file)
--- a/uhttpd.h
+++ b/uhttpd.h
@@ -187,7 +187,6 @@ struct dispatch_ubus {
        struct json_object *jsobj_cur;
        int post_len;
 
-       const char *sid;
        uint32_t obj;
        const char *func;