static bool
parse_acl_scope(struct blob_attr *acl_perm, struct blob_attr *acl_scope,
- struct blob_buf *req)
+ struct blob_buf *req)
{
- struct blob_attr *acl_obj, *acl_func;
- int rem, rem2;
- void *c, *d;
-
- if (!strcmp(blobmsg_name(acl_scope), "ubus") &&
- blob_id(acl_scope) == BLOBMSG_TYPE_TABLE)
- {
- blobmsg_add_string(req, "scope", blobmsg_name(acl_scope));
- c = blobmsg_open_array(req, "objects");
-
- blobmsg_for_each_attr(acl_obj, acl_scope, rem)
- {
- if (blob_id(acl_obj) != BLOBMSG_TYPE_ARRAY)
- continue;
-
- blobmsg_for_each_attr(acl_func, acl_obj, rem2)
- {
- if (blob_id(acl_func) != BLOBMSG_TYPE_STRING)
- continue;
-
- d = blobmsg_open_array(req, NULL);
- blobmsg_add_string(req, NULL, blobmsg_name(acl_obj));
- blobmsg_add_string(req, NULL, blobmsg_data(acl_func));
- blobmsg_close_array(req, d);
- }
- }
-
- blobmsg_close_array(req, c);
- return true;
- }
- else if ((!strcmp(blobmsg_name(acl_scope), "uci") ||
- !strcmp(blobmsg_name(acl_scope), "luci-io")) &&
- blob_id(acl_scope) == BLOBMSG_TYPE_ARRAY)
- {
- blobmsg_add_string(req, "scope", blobmsg_name(acl_scope));
- c = blobmsg_open_array(req, "objects");
-
- blobmsg_for_each_attr(acl_obj, acl_scope, rem)
- {
- if (blob_id(acl_obj) != BLOBMSG_TYPE_STRING)
- continue;
+ struct blob_attr *acl_obj, *acl_func;
+ int rem, rem2;
+ void *c, *d;
+
+ if (!strcmp(blobmsg_name(acl_scope), "ubus") &&
+ blob_id(acl_scope) == BLOBMSG_TYPE_TABLE)
+ {
+ blobmsg_add_string(req, "scope", blobmsg_name(acl_scope));
+ c = blobmsg_open_array(req, "objects");
+
+ blobmsg_for_each_attr(acl_obj, acl_scope, rem)
+ {
+ if (blob_id(acl_obj) != BLOBMSG_TYPE_ARRAY)
+ continue;
+
+ blobmsg_for_each_attr(acl_func, acl_obj, rem2)
+ {
+ if (blob_id(acl_func) != BLOBMSG_TYPE_STRING)
+ continue;
+
+ d = blobmsg_open_array(req, NULL);
+ blobmsg_add_string(req, NULL, blobmsg_name(acl_obj));
+ blobmsg_add_string(req, NULL, blobmsg_data(acl_func));
+ blobmsg_close_array(req, d);
+ }
+ }
+
+ blobmsg_close_array(req, c);
+ return true;
+ }
+ else if ((!strcmp(blobmsg_name(acl_scope), "uci") ||
+ !strcmp(blobmsg_name(acl_scope), "luci-io")) &&
+ blob_id(acl_scope) == BLOBMSG_TYPE_ARRAY)
+ {
+ blobmsg_add_string(req, "scope", blobmsg_name(acl_scope));
+ c = blobmsg_open_array(req, "objects");
+
+ blobmsg_for_each_attr(acl_obj, acl_scope, rem)
+ {
+ if (blob_id(acl_obj) != BLOBMSG_TYPE_STRING)
+ continue;
d = blobmsg_open_array(req, NULL);
- blobmsg_add_string(req, NULL, blobmsg_data(acl_obj));
- blobmsg_add_string(req, NULL, blobmsg_name(acl_perm));
- blobmsg_close_array(req, d);
- }
+ blobmsg_add_string(req, NULL, blobmsg_data(acl_obj));
+ blobmsg_add_string(req, NULL, blobmsg_name(acl_perm));
+ blobmsg_close_array(req, d);
+ }
- blobmsg_close_array(req, c);
- return true;
- }
+ blobmsg_close_array(req, c);
+ return true;
+ }
- return false;
+ return false;
}
static struct uci_section *
test_user_access(struct uci_context *uci, const char *user)
{
- struct uci_package *p;
- struct uci_section *s;
+ struct uci_package *p;
+ struct uci_section *s;
struct uci_element *e;
- struct uci_ptr ptr = { .package = "luci", .option = "user" };
+ struct uci_ptr ptr = { .package = "luci", .option = "user" };
uci_load(uci, ptr.package, &p);
if (!p)
return false;
- uci_foreach_element(&p->sections, e)
- {
- s = uci_to_section(e);
+ uci_foreach_element(&p->sections, e)
+ {
+ s = uci_to_section(e);
- if (strcmp(s->type, "access"))
- continue;
+ if (strcmp(s->type, "access"))
+ continue;
- ptr.section = s->e.name;
- ptr.s = NULL;
- ptr.o = NULL;
+ ptr.section = s->e.name;
+ ptr.s = NULL;
+ ptr.o = NULL;
- if (uci_lookup_ptr(uci, &ptr, NULL, true))
- continue;
+ if (uci_lookup_ptr(uci, &ptr, NULL, true))
+ continue;
- if (ptr.o->type != UCI_TYPE_STRING)
- continue;
+ if (ptr.o->type != UCI_TYPE_STRING)
+ continue;
- if (strcmp(ptr.o->v.string, user))
- continue;
+ if (strcmp(ptr.o->v.string, user))
+ continue;
return ptr.s;
- }
+ }
- return NULL;
+ return NULL;
}
static bool
setup_session_cb(struct ubus_request *req, int type, struct blob_attr *msg)
{
struct blob_attr *tb[__SES_NEW_MAX];
- const char **sid = req->priv;
+ const char **sid = req->priv;
if (!msg)
return;
blobmsg_parse(ses_new_policy, __SES_NEW_MAX, tb,
- blob_data(msg), blob_len(msg));
+ blob_data(msg), blob_len(msg));
if (tb[SES_NEW_SID])
*sid = strdup(blobmsg_data(tb[SES_NEW_SID]));
const char *
setup_session(const char *user)
{
- uint32_t id;
- struct blob_buf req = { 0 }, acl = { 0 };
- struct blob_attr *acl_group, *acl_perm, *acl_scope;
- struct ubus_context *ctx = NULL;
- struct uci_context *uci = NULL;
+ uint32_t id;
+ struct blob_buf req = { 0 }, acl = { 0 };
+ struct blob_attr *acl_group, *acl_perm, *acl_scope;
+ struct ubus_context *ctx = NULL;
+ struct uci_context *uci = NULL;
struct uci_section *access;
- const char *sid = NULL;
- int i, rem, rem2, rem3;
- void *c, *d;
- glob_t gl;
+ const char *sid = NULL;
+ int i, rem, rem2, rem3;
+ void *c, *d;
+ glob_t gl;
- uci = uci_alloc_context();
+ uci = uci_alloc_context();
- if (!uci)
- goto out;
+ if (!uci)
+ goto out;
access = test_user_access(uci, user);
- /* continue without access group if user is root (backward compat) */
+ /* continue without access group if user is root (backward compat) */
if (!access && strcmp(user, "root"))
goto out;
- ctx = ubus_connect(NULL);
+ ctx = ubus_connect(NULL);
- if (!ctx || ubus_lookup_id(ctx, "session", &id))
- goto out;
+ if (!ctx || ubus_lookup_id(ctx, "session", &id))
+ goto out;
- blob_buf_init(&req, 0);
- blobmsg_add_u32(&req, "timeout", 3600);
- ubus_invoke(ctx, id, "create", req.head, setup_session_cb, &sid, 500);
+ blob_buf_init(&req, 0);
+ blobmsg_add_u32(&req, "timeout", 3600);
+ ubus_invoke(ctx, id, "create", req.head, setup_session_cb, &sid, 500);
- if (!sid)
- goto out;
+ if (!sid)
+ goto out;
- blob_buf_init(&req, 0);
- blobmsg_add_string(&req, "sid", sid);
- c = blobmsg_open_table(&req, "values");
- blobmsg_add_string(&req, "user", user);
- blobmsg_close_table(&req, c);
- ubus_invoke(ctx, id, "set", req.head, NULL, NULL, 500);
+ blob_buf_init(&req, 0);
+ blobmsg_add_string(&req, "sid", sid);
+ c = blobmsg_open_table(&req, "values");
+ blobmsg_add_string(&req, "user", user);
+ blobmsg_close_table(&req, c);
+ ubus_invoke(ctx, id, "set", req.head, NULL, NULL, 500);
- if (glob("/usr/share/luci2/acl.d/*.json", 0, NULL, &gl))
- goto out;
+ if (glob("/usr/share/luci2/acl.d/*.json", 0, NULL, &gl))
+ goto out;
- for (i = 0; i < gl.gl_pathc; i++)
- {
- blob_buf_init(&acl, 0);
+ for (i = 0; i < gl.gl_pathc; i++)
+ {
+ blob_buf_init(&acl, 0);
- if (!blobmsg_add_json_from_file(&acl, gl.gl_pathv[i]))
- {
- fprintf(stderr, "Failed to parse %s\n", gl.gl_pathv[i]);
- continue;
- }
+ if (!blobmsg_add_json_from_file(&acl, gl.gl_pathv[i]))
+ {
+ fprintf(stderr, "Failed to parse %s\n", gl.gl_pathv[i]);
+ continue;
+ }
- blob_for_each_attr(acl_group, acl.head, rem)
- {
+ blob_for_each_attr(acl_group, acl.head, rem)
+ {
blobmsg_for_each_attr(acl_perm, acl_group, rem2)
- {
- if (blob_id(acl_perm) != BLOBMSG_TYPE_TABLE)
- continue;
+ {
+ if (blob_id(acl_perm) != BLOBMSG_TYPE_TABLE)
+ continue;
- if (strcmp(blobmsg_name(acl_perm), "read") &&
- strcmp(blobmsg_name(acl_perm), "write"))
- continue;
+ if (strcmp(blobmsg_name(acl_perm), "read") &&
+ strcmp(blobmsg_name(acl_perm), "write"))
+ continue;
if (access != NULL &&
- !test_group_access(access, blobmsg_name(acl_perm),
- blobmsg_name(acl_group)))
+ !test_group_access(access, blobmsg_name(acl_perm),
+ blobmsg_name(acl_group)))
continue;
- blobmsg_for_each_attr(acl_scope, acl_perm, rem3)
- {
- blob_buf_init(&req, 0);
-
- if (!parse_acl_scope(acl_perm, acl_scope, &req))
- continue;
-
- blobmsg_add_string(&req, "sid", sid);
- ubus_invoke(ctx, id, "grant", req.head, NULL, NULL, 500);
-
-
- blob_buf_init(&req, 0);
- blobmsg_add_string(&req, "sid", sid);
- blobmsg_add_string(&req, "scope", "luci-ui");
- c = blobmsg_open_array(&req, "objects");
- d = blobmsg_open_array(&req, NULL);
- blobmsg_add_string(&req, NULL, blobmsg_name(acl_group));
- blobmsg_add_string(&req, NULL, blobmsg_name(acl_perm));
- blobmsg_close_array(&req, d);
- blobmsg_close_array(&req, c);
- ubus_invoke(ctx, id, "grant", req.head, NULL, NULL, 500);
- }
- }
- }
- }
+ blobmsg_for_each_attr(acl_scope, acl_perm, rem3)
+ {
+ blob_buf_init(&req, 0);
+
+ if (!parse_acl_scope(acl_perm, acl_scope, &req))
+ continue;
+
+ blobmsg_add_string(&req, "sid", sid);
+ ubus_invoke(ctx, id, "grant", req.head, NULL, NULL, 500);
+
+
+ blob_buf_init(&req, 0);
+ blobmsg_add_string(&req, "sid", sid);
+ blobmsg_add_string(&req, "scope", "luci-ui");
+ c = blobmsg_open_array(&req, "objects");
+ d = blobmsg_open_array(&req, NULL);
+ blobmsg_add_string(&req, NULL, blobmsg_name(acl_group));
+ blobmsg_add_string(&req, NULL, blobmsg_name(acl_perm));
+ blobmsg_close_array(&req, d);
+ blobmsg_close_array(&req, c);
+ ubus_invoke(ctx, id, "grant", req.head, NULL, NULL, 500);
+ }
+ }
+ }
+ }
globfree(&gl);
if (uci)
uci_free_context(uci);
- if (ctx)
- ubus_free(ctx);
+ if (ctx)
+ ubus_free(ctx);
- return sid;
+ return sid;
}