X-Git-Url: http://git.openwrt.org/?a=blobdiff_plain;f=session.c;h=784d7b9870e54e2a31ce87bd34377e4427f70de3;hb=6128bf647c1dad245f311223c63d8d7b9063a352;hp=9ad1552f00edf41ef64a0e891dab29130c2aa87e;hpb=5a101fcc08ec031e10c8727ee73975f450e8c424;p=project%2Frpcd.git
diff --git a/session.c b/session.c
index 9ad1552..784d7b9 100644
--- a/session.c
+++ b/session.c
@@ -97,7 +97,6 @@ enum {
 RPC_DUMP_SID,
 RPC_DUMP_TIMEOUT,
 RPC_DUMP_EXPIRES,
- RPC_DUMP_ACLS,
 RPC_DUMP_DATA,
 __RPC_DUMP_MAX,
 };
@@ -105,7 +104,6 @@ static const struct blobmsg_policy dump_policy[__RPC_DUMP_MAX] = {
 [RPC_DUMP_SID] = { .name = "sid", .type = BLOBMSG_TYPE_STRING },
 [RPC_DUMP_TIMEOUT] = { .name = "timeout", .type = BLOBMSG_TYPE_INT32 },
 [RPC_DUMP_EXPIRES] = { .name = "expires", .type = BLOBMSG_TYPE_INT32 },
- [RPC_DUMP_ACLS] = { .name = "acls", .type = BLOBMSG_TYPE_TABLE },
 [RPC_DUMP_DATA] = { .name = "data", .type = BLOBMSG_TYPE_TABLE },
 };
 
@@ -215,10 +213,6 @@ rpc_session_to_blob(struct rpc_session *ses)
 blobmsg_add_u32(&buf, "timeout", ses->timeout);
 blobmsg_add_u32(&buf, "expires", uloop_timeout_remaining(&ses->t) / 1000);
 
- c = blobmsg_open_table(&buf, "acls");
- rpc_session_dump_acls(ses, &buf);
- blobmsg_close_table(&buf, c);
-
 c = blobmsg_open_table(&buf, "data");
 rpc_session_dump_data(ses, &buf);
 blobmsg_close_table(&buf, c);
@@ -386,7 +380,7 @@ uh_id_len(const char *str)
 }
 
 static int
-rpc_session_grant(struct rpc_session *ses, struct ubus_context *ctx,
+rpc_session_grant(struct rpc_session *ses,
 const char *scope, const char *object, const char *function)
 {
 struct rpc_session_acl *acl;
@@ -437,7 +431,7 @@ rpc_session_grant(struct rpc_session *ses, struct ubus_context *ctx,
 }
 
 static int
-rpc_session_revoke(struct rpc_session *ses, struct ubus_context *ctx,
+rpc_session_revoke(struct rpc_session *ses,
 const char *scope, const char *object, const char *function)
 {
 struct rpc_session_acl *acl, *next;
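Review bot: Nothing near dump_policy records that `acls` is dropped on purpose, so a reader of the enum and the policy table (hunks at -97 and -105) cannot tell whether restoring ACLs from the frozen file was lost or moved; from the later hunks it appears they are now rebuilt from the configured login on thaw, which also means an `acls` table still present in files frozen by an older build is silently ignored by blobmsg_parse. A comment above `dump_policy` such as `/* ACLs are deliberately not frozen: on thaw they are rebuilt from the current rpcd login config, so privileges revoked while the daemon was down do not survive a restart */` would make both the intent and the stale-privilege rationale explicit. The `c` variable in rpc_session_to_blob (hunk at -215) is still used for the remaining `data` table, so that hunk needs nothing further.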
@@ -502,8 +496,8 @@ rpc_handle_acl(struct ubus_context *ctx, struct ubus_object *obj, const char *scope = "ubus"; int rem1, rem2; - int (*cb)(struct rpc_session *ses, struct ubus_context *ctx, - const char *scope, const char *object, const char *function); + int (*cb)(struct rpc_session *ses, + const char *scope, const char *object, const char *function); blobmsg_parse(acl_policy, __RPC_SA_MAX, tb, blob_data(msg), blob_len(msg)); @@ -523,7 +517,7 @@ rpc_handle_acl(struct ubus_context *ctx, struct ubus_object *obj, cb = rpc_session_revoke; if (!tb[RPC_SA_OBJECTS]) - return cb(ses, ctx, scope, NULL, NULL); + return cb(ses, scope, NULL, NULL); blobmsg_for_each_attr(attr, tb[RPC_SA_OBJECTS], rem1) { if (blob_id(attr) != BLOBMSG_TYPE_ARRAY) @@ -545,7 +539,7 @@ rpc_handle_acl(struct ubus_context *ctx, struct ubus_object *obj, } if (object && function) - cb(ses, ctx, scope, object, function); + cb(ses, scope, object, function); } return 0; @@ -751,6 +745,9 @@ rpc_handle_destroy(struct ubus_context *ctx, struct ubus_object *obj, if (!tb) return UBUS_STATUS_INVALID_ARGUMENT; + if (!strcmp(blobmsg_get_string(tb), RPC_DEFAULT_SESSION_ID)) + return UBUS_STATUS_PERMISSION_DENIED; + ses = rpc_session_get(blobmsg_data(tb)); if (!ses) return UBUS_STATUS_NOT_FOUND; @@ -792,7 +789,7 @@ rpc_login_test_password(const char *hash, const char *password) #endif } - crypt_hash = crypt(hash, password); + crypt_hash = crypt(password, hash); return !strcmp(crypt_hash, hash); } @@ -801,7 +798,7 @@ static struct uci_section * rpc_login_test_login(struct uci_context *uci, const char *username, const char *password) { - struct uci_package *p; + struct uci_package *p = NULL; struct uci_section *s; struct uci_element *e; struct uci_ptr ptr = { .package = "rpcd" }; 
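Review bot: `crypt_hash = crypt(password, hash);` in rpc_login_test_password is followed by `return !strcmp(crypt_hash, hash);` with no check of the result, and `crypt()` can return NULL (glibc does so for an unsupported or malformed setting string, with errno set; libxcrypt instead returns a failure token), so a malformed `password` option in the rpcd login config would turn every login attempt into a NULL dereference inside the daemon. Guard the result before comparing, `if (!crypt_hash) return false;`, using whatever failure value the function's return type (declared above the hunk) uses. The rest of rpc_login_test_password, including the conditional block whose `#endif` opens the hunk, is outside the hunk.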
@@ -834,6 +831,11 @@ rpc_login_test_login(struct uci_context *uci,
 if (strcmp(ptr.o->v.string, username))
 continue;
 
+ /* If password is NULL, we're restoring ACLs for an existing session,
+ * in this case do not check the password again. */
+ if (!password)
+ return ptr.s;
+
 /* test for matching password */
 ptr.option = "password";
 ptr.o = NULL;
@@ -915,9 +917,9 @@ rpc_login_setup_acl_scope(struct rpc_session *ses,
 if (blob_id(acl_func) != BLOBMSG_TYPE_STRING)
 continue;
 
- rpc_session_grant(ses, NULL, blobmsg_name(acl_scope),
- blobmsg_name(acl_obj),
- blobmsg_data(acl_func));
+ rpc_session_grant(ses, blobmsg_name(acl_scope),
+ blobmsg_name(acl_obj),
+ blobmsg_data(acl_func));
 }
 }
 }
@@ -937,9 +939,9 @@ rpc_login_setup_acl_scope(struct rpc_session *ses,
 if (blob_id(acl_obj) != BLOBMSG_TYPE_STRING)
 continue;
 
- rpc_session_grant(ses, NULL, blobmsg_name(acl_scope),
- blobmsg_data(acl_obj),
- blobmsg_name(acl_perm));
+ rpc_session_grant(ses, blobmsg_name(acl_scope),
+ blobmsg_data(acl_obj),
+ blobmsg_name(acl_perm));
 }
 }
 }
@@ -1004,9 +1006,9 @@ rpc_login_setup_acl_file(struct rpc_session *ses, struct uci_section *login,
 * access groups without having to test access of each single
 * // tuple defined in a group.
 */
- rpc_session_grant(ses, NULL, "access-group",
- blobmsg_name(acl_group),
- blobmsg_name(acl_perm));
+ rpc_session_grant(ses, "access-group",
+ blobmsg_name(acl_group),
+ blobmsg_name(acl_perm));
 }
 }
 }
@@ -1042,7 +1044,7 @@ rpc_handle_login(struct ubus_context *ctx, struct ubus_object *obj,
 int timeout = RPC_DEFAULT_SESSION_TIMEOUT;
 int rv = 0;
 
- blobmsg_parse(acl_policy, __RPC_L_MAX, tb, blob_data(msg), blob_len(msg));
+ blobmsg_parse(login_policy, __RPC_L_MAX, tb, blob_data(msg), blob_len(msg));
 
 if (!tb[RPC_L_USERNAME] || !tb[RPC_L_PASSWORD]) {
 rv = UBUS_STATUS_INVALID_ARGUMENT;
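Review bot: The new `if (!password) return ptr.s;` in rpc_login_test_login makes a NULL password mean "skip authentication", so every caller of this function is now security-sensitive: the login handler's `if (!tb[RPC_L_USERNAME] || !tb[RPC_L_PASSWORD])` check in the hunk at -1042 keeps the ubus login path safe, but nothing in the function's signature or header says so, and a future caller that passes NULL by mistake gets an authenticated-looking section back. A dedicated lookup, e.g. a `static struct uci_section *rpc_login_find_user(struct uci_context *uci, const char *username)` that the thaw path calls while the password test here stays unconditional, would make the unauthenticated lookup impossible to reach by accident. Short of that, the comment above the function (outside this hunk) should state that password == NULL returns the matching login section without verifying anything and is reserved for re-deriving ACLs of a session that was already authenticated.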
@@ -1171,11 +1173,13 @@ fail:
 }
 
 static bool
-rpc_session_from_blob(struct blob_attr *attr)
+rpc_session_from_blob(struct uci_context *uci, struct blob_attr *attr)
 {
- int i, rem, rem2, rem3;
+ int i, rem;
+ const char *user = NULL;
 struct rpc_session *ses;
- struct blob_attr *tb[__RPC_DUMP_MAX], *scope, *object, *function;
+ struct uci_section *login;
+ struct blob_attr *tb[__RPC_DUMP_MAX], *data;
 
 blobmsg_parse(dump_policy, __RPC_DUMP_MAX, tb, blob_data(attr), blob_len(attr));
 
@@ -1193,18 +1197,17 @@ rpc_session_from_blob(struct blob_attr *attr)
 
 ses->timeout = blobmsg_get_u32(tb[RPC_DUMP_TIMEOUT]);
 
- blobmsg_for_each_attr(scope, tb[RPC_DUMP_ACLS], rem) {
- blobmsg_for_each_attr(object, scope, rem2) {
- blobmsg_for_each_attr(function, object, rem3) {
- rpc_session_grant(ses, NULL, blobmsg_name(scope),
- blobmsg_name(object),
- blobmsg_data(function));
- }
- }
+ blobmsg_for_each_attr(data, tb[RPC_DUMP_DATA], rem) {
+ rpc_session_set(ses, blobmsg_name(data), data);
+
+ if (!strcmp(blobmsg_name(data), "username"))
+ user = blobmsg_get_string(data);
 }
 
- blobmsg_for_each_attr(object, tb[RPC_DUMP_DATA], rem) {
- rpc_session_set(ses, blobmsg_name(object), object);
+ if (uci && user) {
+ login = rpc_login_test_login(uci, user, NULL);
+ if (login)
+ rpc_login_setup_acls(ses, login);
 }
 
 avl_insert(&sessions, &ses->avl);
@@ -1304,12 +1307,18 @@ void rpc_session_thaw(void)
 char path[PATH_MAX];
 struct dirent *e;
 struct blob_attr *attr;
+ struct uci_context *uci;
 
 d = opendir(RPC_SESSION_DIRECTORY);
 
 if (!d)
 return;
 
+ uci = uci_alloc_context();
+
+ if (!uci)
+ return;
+
 while ((e = readdir(d)) != NULL) {
 if (!rpc_validate_sid(e->d_name))
 continue;
@@ -1320,7 +1329,7 @@ void rpc_session_thaw(void)
 attr = rpc_blob_from_file(path);
 
 if (attr) {
- rpc_session_from_blob(attr);
+ rpc_session_from_blob(uci, attr);
 free(attr);
 }
 
@@ -1328,4 +1337,6 @@ void rpc_session_thaw(void)
 }
 
 closedir(d);
+
+ uci_free_context(uci);
 }
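Review bot: `user = blobmsg_get_string(data)` in rpc_session_from_blob (hunk at -1193) trusts both the type and the provenance of the `username` entry in the frozen `data` table, and the ACLs granted to the restored session are then derived entirely from that string. The type half is cheap to fix in the style the rest of this file already uses: `if (blob_id(data) == BLOBMSG_TYPE_STRING && !strcmp(blobmsg_name(data), "username"))`. The provenance half matters more: session `data` is written by rpc_session_set, and if the ubus `set` method on the session object (outside this page) lets a client store arbitrary keys in its own session, a client could write a different `username` before a freeze and have that user's ACLs restored on thaw; the thaw path should only honour a `username` that the login handler wrote, or the `set` handler should refuse that key. Also, when `uci` is NULL or the user no longer has a login section, the session is still inserted into `sessions` with no ACLs; if that is the intended fallback rather than dropping the session, a one-line comment before `avl_insert` saying so would keep the next reader from treating it as a bug.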
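Review bot: The new `if (!uci) return;` in rpc_session_thaw (hunk at -1304) leaks the DIR* returned by the `opendir` call a few lines above, because `closedir(d)` only runs at the end of the function. Either release it on that path, `if (!uci) { closedir(d); return; }`, or move `uci = uci_alloc_context();` and its check above `opendir` so the early return has nothing to release. Minor in practice, but thaw runs at daemon start, so a leaked descriptor there lives for the whole process lifetime.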