RPC_DUMP_SID,
RPC_DUMP_TIMEOUT,
RPC_DUMP_EXPIRES,
- RPC_DUMP_ACLS,
RPC_DUMP_DATA,
__RPC_DUMP_MAX,
};
[RPC_DUMP_SID] = { .name = "sid", .type = BLOBMSG_TYPE_STRING },
[RPC_DUMP_TIMEOUT] = { .name = "timeout", .type = BLOBMSG_TYPE_INT32 },
[RPC_DUMP_EXPIRES] = { .name = "expires", .type = BLOBMSG_TYPE_INT32 },
- [RPC_DUMP_ACLS] = { .name = "acls", .type = BLOBMSG_TYPE_TABLE },
[RPC_DUMP_DATA] = { .name = "data", .type = BLOBMSG_TYPE_TABLE },
};
blobmsg_add_u32(&buf, "timeout", ses->timeout);
blobmsg_add_u32(&buf, "expires", uloop_timeout_remaining(&ses->t) / 1000);
- c = blobmsg_open_table(&buf, "acls");
- rpc_session_dump_acls(ses, &buf);
- blobmsg_close_table(&buf, c);
-
c = blobmsg_open_table(&buf, "data");
rpc_session_dump_data(ses, &buf);
blobmsg_close_table(&buf, c);
}
static int
-rpc_session_grant(struct rpc_session *ses, struct ubus_context *ctx,
+rpc_session_grant(struct rpc_session *ses,
const char *scope, const char *object, const char *function)
{
struct rpc_session_acl *acl;
}
static int
-rpc_session_revoke(struct rpc_session *ses, struct ubus_context *ctx,
+rpc_session_revoke(struct rpc_session *ses,
const char *scope, const char *object, const char *function)
{
struct rpc_session_acl *acl, *next;
const char *scope = "ubus";
int rem1, rem2;
- int (*cb)(struct rpc_session *ses, struct ubus_context *ctx,
- const char *scope, const char *object, const char *function);
+ int (*cb)(struct rpc_session *ses,
+ const char *scope, const char *object, const char *function);
blobmsg_parse(acl_policy, __RPC_SA_MAX, tb, blob_data(msg), blob_len(msg));
cb = rpc_session_revoke;
if (!tb[RPC_SA_OBJECTS])
- return cb(ses, ctx, scope, NULL, NULL);
+ return cb(ses, scope, NULL, NULL);
blobmsg_for_each_attr(attr, tb[RPC_SA_OBJECTS], rem1) {
if (blob_id(attr) != BLOBMSG_TYPE_ARRAY)
}
if (object && function)
- cb(ses, ctx, scope, object, function);
+ cb(ses, scope, object, function);
}
return 0;
if (!tb)
return UBUS_STATUS_INVALID_ARGUMENT;
+ if (!strcmp(blobmsg_get_string(tb), RPC_DEFAULT_SESSION_ID))
+ return UBUS_STATUS_PERMISSION_DENIED;
+
ses = rpc_session_get(blobmsg_data(tb));
if (!ses)
return UBUS_STATUS_NOT_FOUND;
#endif
}
- crypt_hash = crypt(hash, password);
+ crypt_hash = crypt(password, hash);
return !strcmp(crypt_hash, hash);
}
rpc_login_test_login(struct uci_context *uci,
const char *username, const char *password)
{
- struct uci_package *p;
+ struct uci_package *p = NULL;
struct uci_section *s;
struct uci_element *e;
struct uci_ptr ptr = { .package = "rpcd" };
if (strcmp(ptr.o->v.string, username))
continue;
+ /* If password is NULL, we're restoring ACLs for an existing session,
+ * in this case do not check the password again. */
+ if (!password)
+ return ptr.s;
+
/* test for matching password */
ptr.option = "password";
ptr.o = NULL;
if (blob_id(acl_func) != BLOBMSG_TYPE_STRING)
continue;
- rpc_session_grant(ses, NULL, blobmsg_name(acl_scope),
- blobmsg_name(acl_obj),
- blobmsg_data(acl_func));
+ rpc_session_grant(ses, blobmsg_name(acl_scope),
+ blobmsg_name(acl_obj),
+ blobmsg_data(acl_func));
}
}
}
if (blob_id(acl_obj) != BLOBMSG_TYPE_STRING)
continue;
- rpc_session_grant(ses, NULL, blobmsg_name(acl_scope),
- blobmsg_data(acl_obj),
- blobmsg_name(acl_perm));
+ rpc_session_grant(ses, blobmsg_name(acl_scope),
+ blobmsg_data(acl_obj),
+ blobmsg_name(acl_perm));
}
}
}
* access groups without having to test access of each single
* <scope>/<object>/<function> tuple defined in a group.
*/
- rpc_session_grant(ses, NULL, "access-group",
- blobmsg_name(acl_group),
- blobmsg_name(acl_perm));
+ rpc_session_grant(ses, "access-group",
+ blobmsg_name(acl_group),
+ blobmsg_name(acl_perm));
}
}
}
int timeout = RPC_DEFAULT_SESSION_TIMEOUT;
int rv = 0;
- blobmsg_parse(acl_policy, __RPC_L_MAX, tb, blob_data(msg), blob_len(msg));
+ blobmsg_parse(login_policy, __RPC_L_MAX, tb, blob_data(msg), blob_len(msg));
if (!tb[RPC_L_USERNAME] || !tb[RPC_L_PASSWORD]) {
rv = UBUS_STATUS_INVALID_ARGUMENT;
}
static bool
-rpc_session_from_blob(struct blob_attr *attr)
+rpc_session_from_blob(struct uci_context *uci, struct blob_attr *attr)
{
- int i, rem, rem2, rem3;
+ int i, rem;
+ const char *user = NULL;
struct rpc_session *ses;
- struct blob_attr *tb[__RPC_DUMP_MAX], *scope, *object, *function;
+ struct uci_section *login;
+ struct blob_attr *tb[__RPC_DUMP_MAX], *data;
blobmsg_parse(dump_policy, __RPC_DUMP_MAX, tb,
blob_data(attr), blob_len(attr));
ses->timeout = blobmsg_get_u32(tb[RPC_DUMP_TIMEOUT]);
- blobmsg_for_each_attr(scope, tb[RPC_DUMP_ACLS], rem) {
- blobmsg_for_each_attr(object, scope, rem2) {
- blobmsg_for_each_attr(function, object, rem3) {
- rpc_session_grant(ses, NULL, blobmsg_name(scope),
- blobmsg_name(object),
- blobmsg_data(function));
- }
- }
+ blobmsg_for_each_attr(data, tb[RPC_DUMP_DATA], rem) {
+ rpc_session_set(ses, blobmsg_name(data), data);
+
+ if (!strcmp(blobmsg_name(data), "username"))
+ user = blobmsg_get_string(data);
}
- blobmsg_for_each_attr(object, tb[RPC_DUMP_DATA], rem) {
- rpc_session_set(ses, blobmsg_name(object), object);
+ if (uci && user) {
+ login = rpc_login_test_login(uci, user, NULL);
+ if (login)
+ rpc_login_setup_acls(ses, login);
}
avl_insert(&sessions, &ses->avl);
char path[PATH_MAX];
struct dirent *e;
struct blob_attr *attr;
+ struct uci_context *uci;
d = opendir(RPC_SESSION_DIRECTORY);
if (!d)
return;
+ uci = uci_alloc_context();
+
+ if (!uci)
+ return;
+
while ((e = readdir(d)) != NULL) {
if (!rpc_validate_sid(e->d_name))
continue;
attr = rpc_blob_from_file(path);
if (attr) {
- rpc_session_from_blob(attr);
+ rpc_session_from_blob(uci, attr);
free(attr);
}
}
closedir(d);
+
+ uci_free_context(uci);
}
projects / project / rpcd.git / blobdiff