}
static void
-rpc_session_to_blob(struct rpc_session *ses)
+rpc_session_to_blob(struct rpc_session *ses, bool acls)
{
void *c;
blobmsg_add_u32(&buf, "timeout", ses->timeout);
blobmsg_add_u32(&buf, "expires", uloop_timeout_remaining(&ses->t) / 1000);
+ if (acls) {
+ c = blobmsg_open_table(&buf, "acls");
+ rpc_session_dump_acls(ses, &buf);
+ blobmsg_close_table(&buf, c);
+ }
+
c = blobmsg_open_table(&buf, "data");
rpc_session_dump_data(ses, &buf);
blobmsg_close_table(&buf, c);
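Review bot: The new `acls` parameter has no comment explaining why some callers include the ACL table and others leave it out. The signature sits in the preceding hunk, and the function body starts and ends outside this one. The visible callers pass `true` for the ubus reply in `rpc_session_dump` and `false` where the blob is written under `RPC_SESSION_DIRECTORY`. A short comment above the function would make that intent explicit, for example `/* acls: also serialize the session's ACL table; pass false when persisting to disk */`. It should also say how a session reloaded from disk gets its ACLs back, since the saved blob no longer carries them.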
rpc_session_dump(struct rpc_session *ses, struct ubus_context *ctx,
struct ubus_request_data *req)
{
- rpc_session_to_blob(ses);
+ rpc_session_to_blob(ses, true);
ubus_send_reply(ctx, req, buf.head);
}
struct blob_attr *msg)
{
struct rpc_session *ses;
- struct blob_attr *tb[__RPC_SA_MAX];
+ struct blob_attr *tb[__RPC_SS_MAX];
struct blob_attr *attr;
int rem;
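Review bot: `tb` is now sized by `__RPC_SS_MAX` here and by `__RPC_SG_MAX` in the next hunk, but the parse calls that fill these arrays are outside both hunks. It is therefore not visible whether their count arguments were switched to the same constants. If a call still passes `__RPC_SA_MAX` and that value is larger than the new bound, the parser could write past the end of `tb`. Please confirm each call uses the constant its array is declared with, or derive the count from the array itself, e.g. `sizeof(tb) / sizeof(tb[0])`.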
{
struct rpc_session *ses;
struct rpc_session_data *data;
- struct blob_attr *tb[__RPC_SA_MAX];
+ struct blob_attr *tb[__RPC_SG_MAX];
struct blob_attr *attr;
void *c;
int rem;
rpc_login_test_permission(struct uci_section *s,
const char *perm, const char *group)
{
+ const char *p;
struct uci_option *o;
struct uci_element *e, *l;
if (strcmp(o->e.name, perm))
continue;
- uci_foreach_element(&o->v.list, l)
- if (l->name && !fnmatch(l->name, group, 0))
+ /* Match negative expressions first. If a negative expression matches
+ * the current group name then deny access. */
+ uci_foreach_element(&o->v.list, l) {
+ p = l->name;
+
+ if (!p || *p != '!')
+ continue;
+
+ while (isspace(*++p));
+
+ if (!*p)
+ continue;
+
+ if (!fnmatch(p, group, 0))
+ return false;
+ }
+
+ uci_foreach_element(&o->v.list, l) {
+ if (!l->name || !*l->name || *l->name == '!')
+ continue;
+
+ if (!fnmatch(l->name, group, 0))
return true;
+ }
}
/* make sure that write permission implies read permission */
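Review bot: In the negative-match pass, `isspace(*++p)` is given a plain `char`, which is undefined behaviour for bytes above 0x7f where `char` is signed. Cast the argument and make the empty loop body visible: `while (isspace((unsigned char)*++p)) ;`. The deny test `if (!fnmatch(p, group, 0)) return false;` also treats an `fnmatch()` error the same as "no match", so a negated pattern that fails to evaluate falls through to the allow pass. Writing it as `if (fnmatch(p, group, 0) != FNM_NOMATCH) return false;` would make the deny rule fail closed. The new comment could add that negation is only evaluated within the list of the option whose name equals `perm`. The function starts and ends outside this hunk.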
continue;
snprintf(path, sizeof(path) - 1, RPC_SESSION_DIRECTORY "/%s", ses->id);
- rpc_session_to_blob(ses);
+ rpc_session_to_blob(ses, false);
rpc_blob_to_file(path, buf.head);
}
}