}
static bool
-session_access(const char *sid, const char *obj, const char *func)
+session_access(const char *sid, const char *scope, const char *obj, const char *func)
{
uint32_t id;
bool allow = false;
blob_buf_init(&req, 0);
blobmsg_add_string(&req, "ubus_rpc_session", sid);
- blobmsg_add_string(&req, "scope", "cgi-io");
+ blobmsg_add_string(&req, "scope", scope);
blobmsg_add_string(&req, "object", obj);
blobmsg_add_string(&req, "function", func);
if (!st.filename)
return response(false, "File data without name");
- if (!session_access(st.sessionid, st.filename, "write"))
+ if (!session_access(st.sessionid, "file", st.filename, "write"))
return response(false, "Access to path denied by ACL");
st.tempfd = mkstemp(tmpname);
{
if (st.parttype == PART_SESSIONID)
{
- if (!session_access(st.sessionid, "upload", "write"))
+ if (!session_access(st.sessionid, "cgi-io", "upload", "write"))
{
errno = EPERM;
return response(false, "Upload permission denied");
char hostname[64] = { 0 };
char *fields[] = { "sessionid", NULL };
- if (!postdecode(fields, 1) || !session_access(fields[1], "backup", "read"))
+ if (!postdecode(fields, 1) || !session_access(fields[1], "cgi-io", "backup", "read"))
return failure(0, "Backup permission denied");
if (pipe(fds))
projects / project / cgi-io.git / blobdiff