X-Git-Url: http://git.openwrt.org/?p=project%2Frpcd.git;a=blobdiff_plain;f=uci.c;h=5f26dbd625f309e3773784ce85f9db715e3cb963;hp=acbbfd808c6139f5e8b7a8768c53d6476dd8da27;hb=948bb5187523ee596f2de64bd6b94ec9a7f27546;hpb=7c789622a6cc7e295db3f452a2b1e7b955f427aa

diff --git a/uci.c b/uci.c
index acbbfd8..5f26dbd 100644
--- a/uci.c
+++ b/uci.c
@@ -23,13 +23,15 @@
 #include <libubox/blobmsg_json.h>
 
 #include <rpcd/uci.h>
+#include <rpcd/exec.h>
 #include <rpcd/session.h>
 
 static struct blob_buf buf;
 static struct uci_context *cursor;
 static struct uloop_timeout apply_timer;
 static struct ubus_context *apply_ctx;
-static char apply_sid[RPC_SID_LEN + 1];
+
+char apply_sid[RPC_SID_LEN + 1];
 
 enum {
 	RPC_G_CONFIG,
@@ -179,6 +181,60 @@ static const struct blobmsg_policy rpc_uci_rollback_policy[__RPC_B_MAX] = {
 	                                        .type = BLOBMSG_TYPE_STRING },
 };
 
+/*
+ * Validate a uci name
+ */
+static bool
+rpc_uci_verify_str(const char *name, bool extended, bool type)
+{
+	const char *c;
+	char *e;
+
+	if (!name || !*name)
+		return false;
+
+	if (extended && *name != '@')
+		extended = false;
+
+	for (c = name + extended; *c; c++)
+		if (!isalnum(*c) && *c != '_' && ((!type && !extended) || *c != '-'))
+			break;
+
+	if (extended) {
+		if (*c != '[')
+			return false;
+
+		strtol(++c, &e, 10);
+
+		return (e > c && *e == ']' && *(e+1) == 0);
+	}
+
+	return (*c == 0);
+}
+
+/*
+ * Check that string is a valid, shell compatible uci name
+ */
+static bool rpc_uci_verify_name(const char *name) {
+	return rpc_uci_verify_str(name, false, false);
+}
+
+/*
+ * Check that string is a valid section type name
+ */
+static bool rpc_uci_verify_type(const char *type) {
+	return rpc_uci_verify_str(type, false, true);
+}
+
+/*
+ * Check that the string is a valid section id, optionally in extended
+ * lookup notation
+ */
+static bool rpc_uci_verify_section(const char *section) {
+	return rpc_uci_verify_str(section, true, false);
+}
+
+
 /*
  * Turn uci error state into ubus return code
  */
@@ -201,6 +257,29 @@ rpc_uci_status(void)
 	}
 }
 
+/*
+ * Clear all save directories from the uci cursor and append the given path
+ * as new save directory.
+ */
+static void
+rpc_uci_replace_savedir(const char *path)
+{
+	struct uci_element *e, *tmp;
+
+	uci_foreach_element_safe(&cursor->delta_path, tmp, e) {
+		if (e->name)
+			free(e->name);
+
+		free(e);
+	}
+
+	cursor->delta_path.prev = &cursor->delta_path;
+	cursor->delta_path.next = &cursor->delta_path;
+
+	if (path)
+		uci_set_savedir(cursor, path);
+}
+
 /*
  * Setup per-session delta save directory. If the passed "sid" blob attribute
  * pointer is NULL then the precedure was not invoked through the ubus-rpc so
@@ -213,14 +292,14 @@ rpc_uci_set_savedir(struct blob_attr *sid)
 
 	if (!sid)
 	{
-		uci_set_savedir(cursor, "/tmp/.uci");
+		rpc_uci_replace_savedir("/tmp/.uci");
 		return;
 	}
 
 	snprintf(path, sizeof(path) - 1,
 	         RPC_UCI_SAVEDIR_PREFIX "%s", blobmsg_get_string(sid));
 
-	uci_set_savedir(cursor, path);
+	rpc_uci_replace_savedir(path);
 }
 
 /*
@@ -271,8 +350,7 @@ rpc_uci_format_blob(struct blob_attr *v, const char **p)
 	switch (blobmsg_type(v))
 	{
 	case BLOBMSG_TYPE_STRING:
-		if (blobmsg_data_len(v) > 1)
-			*p = blobmsg_data(v);
+		*p = blobmsg_data(v);
 		break;
 
 	case BLOBMSG_TYPE_INT64:
@@ -609,7 +687,7 @@ rpc_uci_add(struct ubus_context *ctx, struct ubus_object *obj,
 	struct uci_package *p = NULL;
 	struct uci_section *s;
 	struct uci_ptr ptr = { 0 };
-	int rem, rem2;
+	int rem, rem2, err = 0;
 
 	blobmsg_parse(rpc_uci_add_policy, __RPC_A_MAX, tb,
 	              blob_data(msg), blob_len(msg));
@@ -620,6 +698,13 @@ rpc_uci_add(struct ubus_context *ctx, struct ubus_object *obj,
 	if (!rpc_uci_write_access(tb[RPC_A_SESSION], tb[RPC_A_CONFIG]))
 		return UBUS_STATUS_PERMISSION_DENIED;
 
+	if (!rpc_uci_verify_type(blobmsg_data(tb[RPC_A_TYPE])))
+		return UBUS_STATUS_INVALID_ARGUMENT;
+
+	if (tb[RPC_A_NAME] &&
+	    !rpc_uci_verify_name(blobmsg_data(tb[RPC_A_NAME])))
+		return UBUS_STATUS_INVALID_ARGUMENT;
+
 	ptr.package = blobmsg_data(tb[RPC_A_CONFIG]);
 
 	if (uci_load(cursor, ptr.package, &p))
@@ -652,35 +737,69 @@ rpc_uci_add(struct ubus_context *ctx, struct ubus_object *obj,
 			ptr.o = NULL;
 			ptr.option = blobmsg_name(cur);
 
+			if (!rpc_uci_verify_name(ptr.option))
+			{
+				if (!err)
+					err = UBUS_STATUS_INVALID_ARGUMENT;
+
+				continue;
+			}
+
 			if (rpc_uci_lookup(&ptr) || !ptr.s)
+			{
+				if (!err)
+					err = UBUS_STATUS_NOT_FOUND;
+
 				continue;
+			}
 
 			switch (blobmsg_type(cur))
 			{
 			case BLOBMSG_TYPE_ARRAY:
 				blobmsg_for_each_attr(elem, cur, rem2)
-					if (rpc_uci_format_blob(elem, &ptr.value))
-						uci_add_list(cursor, &ptr);
+				{
+					if (!rpc_uci_format_blob(elem, &ptr.value))
+					{
+						if (!err)
+							err = UBUS_STATUS_INVALID_ARGUMENT;
+
+						continue;
+					}
+
+					uci_add_list(cursor, &ptr);
+				}
+
 				break;
 
 			default:
-				if (rpc_uci_format_blob(cur, &ptr.value))
+				if (!rpc_uci_format_blob(cur, &ptr.value))
+				{
+					if (!err)
+						err = UBUS_STATUS_INVALID_ARGUMENT;
+				}
+				else
+				{
 					uci_set(cursor, &ptr);
+				}
+
 				break;
 			}
 		}
 	}
 
-	uci_save(cursor, p);
+	if (!err)
+	{
+		uci_save(cursor, p);
 
-	blob_buf_init(&buf, 0);
-	blobmsg_add_string(&buf, "section", ptr.section);
-	ubus_send_reply(ctx, req, buf.head);
+		blob_buf_init(&buf, 0);
+		blobmsg_add_string(&buf, "section", ptr.section);
+		ubus_send_reply(ctx, req, buf.head);
+	}
 
 out:
 	uci_unload(cursor, p);
 
-	return rpc_uci_status();
+	return err ? err : rpc_uci_status();
 }
 
 /*
@@ -702,6 +821,9 @@ rpc_uci_merge_set(struct blob_attr *opt, struct uci_ptr *ptr)
 	ptr->option = blobmsg_name(opt);
 	ptr->value = NULL;
 
+	if (!rpc_uci_verify_name(ptr->option))
+		return;
+
 	if (rpc_uci_lookup(ptr) || !ptr->s)
 		return;
 
@@ -750,6 +872,10 @@ rpc_uci_set(struct ubus_context *ctx, struct ubus_object *obj,
 	if (!rpc_uci_write_access(tb[RPC_S_SESSION], tb[RPC_S_CONFIG]))
 		return UBUS_STATUS_PERMISSION_DENIED;
 
+	if (tb[RPC_S_SECTION] &&
+	    !rpc_uci_verify_section(blobmsg_data(tb[RPC_S_SECTION])))
+		return UBUS_STATUS_INVALID_ARGUMENT;
+
 	ptr.package = blobmsg_data(tb[RPC_S_CONFIG]);
 
 	if (uci_load(cursor, ptr.package, &p))
@@ -913,6 +1039,9 @@ rpc_uci_rename(struct ubus_context *ctx, struct ubus_object *obj,
 	ptr.section = blobmsg_data(tb[RPC_R_SECTION]);
 	ptr.value   = blobmsg_data(tb[RPC_R_NAME]);
 
+	if (!rpc_uci_verify_name(ptr.value))
+		return UBUS_STATUS_INVALID_ARGUMENT;
+
 	if (tb[RPC_R_OPTION])
 		ptr.option = blobmsg_data(tb[RPC_R_OPTION]);
 
@@ -948,7 +1077,7 @@ rpc_uci_order(struct ubus_context *ctx, struct ubus_object *obj,
 	struct blob_attr *cur;
 	struct uci_package *p = NULL;
 	struct uci_ptr ptr = { 0 };
-	int rem, i = 1;
+	int rem, i = 0;
 
 	blobmsg_parse(rpc_uci_order_policy, __RPC_O_MAX, tb,
 	              blob_data(msg), blob_len(msg));
@@ -1150,7 +1279,10 @@ rpc_uci_revert_commit(struct ubus_context *ctx, struct blob_attr *msg, bool comm
 	else
 	{
 		if (!uci_lookup_ptr(cursor, &ptr, NULL, true) && ptr.p)
+		{
 			uci_revert(cursor, &ptr);
+			uci_unload(cursor, ptr.p);
+		}
 	}
 
 	return rpc_uci_status();
@@ -1269,17 +1401,53 @@ rpc_uci_copy_file(const char *src, const char *target, const char *file)
 		fclose(out);
 }
 
+static int
+rpc_uci_apply_access(const char *sid, glob_t *gl)
+{
+	struct stat s;
+	int i, c = 0;
+
+	if (gl->gl_pathc < 3)
+		return UBUS_STATUS_NO_DATA;
+
+	for (i = 0; i < gl->gl_pathc; i++) {
+		char *config = basename(gl->gl_pathv[i]);
+
+		if (*config == '.')
+			continue;
+		if (stat(gl->gl_pathv[i], &s) || !s.st_size)
+			continue;
+		if (!rpc_session_access(sid, "uci", config, "write"))
+			return UBUS_STATUS_PERMISSION_DENIED;
+		c++;
+	}
+
+	if (!c)
+		return UBUS_STATUS_NO_DATA;
+
+	return 0;
+}
+
 static void
-rpc_uci_do_rollback(struct ubus_context *ctx, const char *sid, glob_t *gl)
+rpc_uci_do_rollback(struct ubus_context *ctx, glob_t *gl)
 {
-	int i;
+	int i, deny;
 	char tmp[PATH_MAX];
 
-	if (sid) {
-		snprintf(tmp, sizeof(tmp), RPC_UCI_SAVEDIR_PREFIX "%s/", sid);
+	/* Test apply permission to see if the initiator session still exists.
+	 * If it does, restore the delta files as well, else just restore the
+	 * main configuration files. */
+	deny = apply_sid[0]
+		? rpc_uci_apply_access(apply_sid, gl) : UBUS_STATUS_NOT_FOUND;
+
+	if (!deny) {
+		snprintf(tmp, sizeof(tmp), RPC_UCI_SAVEDIR_PREFIX "%s/", apply_sid);
 		mkdir(tmp, 0700);
 	}
 
+	/* avoid merging unrelated uci changes when restoring old configs */
+	rpc_uci_replace_savedir("/dev/null");
+
 	for (i = 0; i < gl->gl_pathc; i++) {
 		char *config = basename(gl->gl_pathv[i]);
 
@@ -1288,8 +1456,11 @@ rpc_uci_do_rollback(struct ubus_context *ctx, const char *sid, glob_t *gl)
 
 		rpc_uci_copy_file(RPC_SNAPSHOT_FILES, RPC_UCI_DIR, config);
 		rpc_uci_apply_config(ctx, config);
-		if (sid)
-			rpc_uci_copy_file(RPC_SNAPSHOT_DELTA, tmp, config);
+
+		if (deny)
+			continue;
+
+		rpc_uci_copy_file(RPC_SNAPSHOT_DELTA, tmp, config);
 	}
 
 	rpc_uci_purge_dir(RPC_SNAPSHOT_FILES);
@@ -1310,34 +1481,9 @@ rpc_uci_apply_timeout(struct uloop_timeout *t)
 	if (glob(tmp, GLOB_PERIOD, NULL, &gl) < 0)
 		return;
 
-	rpc_uci_do_rollback(apply_ctx, NULL, &gl);
-}
-
-static int
-rpc_uci_apply_access(const char *sid, glob_t *gl)
-{
-	struct stat s;
-	int i, c = 0;
-
-	if (gl->gl_pathc < 3)
-		return UBUS_STATUS_NO_DATA;
-
-	for (i = 0; i < gl->gl_pathc; i++) {
-		char *config = basename(gl->gl_pathv[i]);
-
-		if (*config == '.')
-			continue;
-		if (stat(gl->gl_pathv[i], &s) || !s.st_size)
-			continue;
-		if (!rpc_session_access(sid, "uci", config, "write"))
-			return UBUS_STATUS_PERMISSION_DENIED;
-		c++;
-	}
-
-	if (!c)
-		return UBUS_STATUS_NO_DATA;
+	rpc_uci_do_rollback(apply_ctx, &gl);
 
-	return 0;
+	globfree(&gl);
 }
 
 static int
@@ -1374,6 +1520,8 @@ rpc_uci_apply(struct ubus_context *ctx, struct ubus_object *obj,
 	rpc_uci_purge_dir(RPC_SNAPSHOT_DELTA);
 
 	if (!apply_sid[0]) {
+		rpc_uci_set_savedir(tb[RPC_T_SESSION]);
+
 		mkdir(RPC_SNAPSHOT_FILES, 0700);
 		mkdir(RPC_SNAPSHOT_DELTA, 0700);
 
@@ -1480,13 +1628,28 @@ rpc_uci_rollback(struct ubus_context *ctx, struct ubus_object *obj,
 	if (glob(tmp, GLOB_PERIOD, NULL, &gl) < 0)
 		return UBUS_STATUS_NOT_FOUND;
 
-	rpc_uci_do_rollback(ctx, sid, &gl);
+	rpc_uci_do_rollback(ctx, &gl);
 
 	globfree(&gl);
 
 	return 0;
 }
 
+static int
+rpc_uci_reload(struct ubus_context *ctx, struct ubus_object *obj,
+                 struct ubus_request_data *req, const char *method,
+                 struct blob_attr *msg)
+{
+	char * const cmd[2] = { "/sbin/reload_config", NULL };
+
+	if (!fork()) {
+		/* wait for the RPC call to complete */
+		sleep(2);
+		return execv(cmd[0], cmd);
+	}
+
+	return 0;
+}
 
 /*
  * Session destroy callback to purge associated delta directory.
@@ -1535,6 +1698,7 @@ int rpc_uci_api_init(struct ubus_context *ctx)
 		UBUS_METHOD("apply",    rpc_uci_apply,    rpc_uci_apply_policy),
 		UBUS_METHOD("confirm",  rpc_uci_confirm,  rpc_uci_rollback_policy),
 		UBUS_METHOD("rollback", rpc_uci_rollback, rpc_uci_rollback_policy),
+		UBUS_METHOD_NOARG("reload_config", rpc_uci_reload),
 	};
 
 	static struct ubus_object_type uci_type =