Use the `cgi-io` scope to check for permission to execute the requested
command (`upload`, `backup`) and the `file` scope to check path
permissions.
The reasoning behind this change is that `cgi-io` is usually used in
conjunction with `rpcd-mod-file` to transfer large file data out
of band and `rpcd-mod-file` already uses the `file` scope to manage
file path access permissions. After this change, both `rpcd-mod-file`
and `cgi-io` can share the same path ACL rules.
Write access to a path can be granted by using a ubus call in the
following form:
ubus call session grant '{
"ubus_rpc_session": "...",
"scope": "file",
"objects": [
[ "/var/lib/uploads/*", "write" ]
]
}'
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
include $(TOPDIR)/rules.mk
PKG_NAME:=cgi-io
include $(TOPDIR)/rules.mk
PKG_NAME:=cgi-io
PKG_LICENSE:=GPL-2.0-or-later
PKG_LICENSE:=GPL-2.0-or-later
define Package/cgi-io/install
$(INSTALL_DIR) $(1)/usr/libexec $(1)/www/cgi-bin/
$(INSTALL_BIN) $(PKG_BUILD_DIR)/cgi-io $(1)/usr/libexec
define Package/cgi-io/install
$(INSTALL_DIR) $(1)/usr/libexec $(1)/www/cgi-bin/
$(INSTALL_BIN) $(PKG_BUILD_DIR)/cgi-io $(1)/usr/libexec
- $(LN) ../../usr/libexec/cgi-io $(1)/www/cgi-bin/cgi-upload
+ $(LN) ../../usr/libexec/cgi-io $(1)/www/cgi-bin/cgi-upload
$(LN) ../../usr/libexec/cgi-io $(1)/www/cgi-bin/cgi-backup
endef
$(LN) ../../usr/libexec/cgi-io $(1)/www/cgi-bin/cgi-backup
endef
-session_access(const char *sid, const char *obj, const char *func)
+session_access(const char *sid, const char *scope, const char *obj, const char *func)
{
uint32_t id;
bool allow = false;
{
uint32_t id;
bool allow = false;
blob_buf_init(&req, 0);
blobmsg_add_string(&req, "ubus_rpc_session", sid);
blob_buf_init(&req, 0);
blobmsg_add_string(&req, "ubus_rpc_session", sid);
- blobmsg_add_string(&req, "scope", "cgi-io");
+ blobmsg_add_string(&req, "scope", scope);
blobmsg_add_string(&req, "object", obj);
blobmsg_add_string(&req, "function", func);
blobmsg_add_string(&req, "object", obj);
blobmsg_add_string(&req, "function", func);
if (!st.filename)
return response(false, "File data without name");
if (!st.filename)
return response(false, "File data without name");
- if (!session_access(st.sessionid, st.filename, "write"))
+ if (!session_access(st.sessionid, "file", st.filename, "write"))
return response(false, "Access to path denied by ACL");
st.tempfd = mkstemp(tmpname);
return response(false, "Access to path denied by ACL");
st.tempfd = mkstemp(tmpname);
{
if (st.parttype == PART_SESSIONID)
{
{
if (st.parttype == PART_SESSIONID)
{
- if (!session_access(st.sessionid, "upload", "write"))
+ if (!session_access(st.sessionid, "cgi-io", "upload", "write"))
{
errno = EPERM;
return response(false, "Upload permission denied");
{
errno = EPERM;
return response(false, "Upload permission denied");
char hostname[64] = { 0 };
char *fields[] = { "sessionid", NULL };
char hostname[64] = { 0 };
char *fields[] = { "sessionid", NULL };
- if (!postdecode(fields, 1) || !session_access(fields[1], "backup", "read"))
+ if (!postdecode(fields, 1) || !session_access(fields[1], "cgi-io", "backup", "read"))
return failure(0, "Backup permission denied");
if (pipe(fds))
return failure(0, "Backup permission denied");
if (pipe(fds))
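Review bot: The new `file`-scope check `session_access(st.sessionid, "file", st.filename, "write")` is made on the filename string exactly as it arrived in the request, and nothing in the visible lines normalizes it first. If `st.filename` is not canonicalized earlier, the ACL pattern is matched against one string while the later file operations act on whatever the filesystem resolves it to, so `..` components or a symlink below a granted directory could make the two disagree. I would resolve the path before the check (for example `realpath()` on the parent directory plus the basename) and use that one resolved value for both the ACL call and the final write. The enclosing function starts and ends outside the shown lines, so this may already be handled there; if it is, a comment above the check such as `/* st.filename is canonical here; the ACL is matched on the path string */` would record the assumption.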