Difuse/packages
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

cgi-io: use different acl scopes for path and command permissions

Browse source 
Use the `cgi-io` scope to check for permission to execute the requested
command (`upload`, `backup`) and the `file` scope to check path
permissions.

The reasoning of this change is that `cgi-io` is usually used in
conjunction with `rpcd-mod-file` to transfer large file data out
of band and `rpcd-mod-file` already uses the `file` scope to manage
file path access permissions. After this change, both `rpc-mod-file`
and `cgi-io` can share the same path acl rules.

Write access to a path can be granted by using an ubus call in the
following form:

    ubus call session grant '{
        "ubus_rpc_session": "...",
        "scope": "file",
        "objects": [
            [ "/var/lib/uploads/*", "write" ]
        ]
    }'

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit c8a86c8c8e)
This commit is contained in:
Jo-Philipp Wich 2019-09-13 06:52:21 +02:00 committed by Petr Štetiar
parent 76d741c990
commit 0fc83858fc
2 changed files with 6 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
net/cgi-io/Makefile
View file

@ -8,7 +8,7 @@
include $(TOPDIR)/rules.mk include $(TOPDIR)/rules.mk
PKG_NAME:=cgi-io PKG_NAME:=cgi-io
PKG_RELEASE:=7 PKG_RELEASE:=9
PKG_LICENSE:=GPL-2.0-or-later PKG_LICENSE:=GPL-2.0-or-later

10
net/cgi-io/src/main.c
View file

@ -89,7 +89,7 @@ session_access_cb(struct ubus_request *req, int type, struct blob_attr *msg)
} }
static bool static bool
session_access(const char *sid, const char *obj, const char *func) session_access(const char *sid, const char *scope, const char *obj, const char *func)
{ {
uint32_t id; uint32_t id;
bool allow = false; bool allow = false;
@ -103,7 +103,7 @@ session_access(const char *sid, const char *obj, const char *func)
blob_buf_init(&req, 0); blob_buf_init(&req, 0);
blobmsg_add_string(&req, "ubus_rpc_session", sid); blobmsg_add_string(&req, "ubus_rpc_session", sid);
blobmsg_add_string(&req, "scope", "cgi-io"); blobmsg_add_string(&req, "scope", scope);
blobmsg_add_string(&req, "object", obj); blobmsg_add_string(&req, "object", obj);
blobmsg_add_string(&req, "function", func); blobmsg_add_string(&req, "function", func);
@ -475,7 +475,7 @@ data_begin_cb(multipart_parser *p)
if (!st.filename) if (!st.filename)
return response(false, "File data without name"); return response(false, "File data without name");
if (!session_access(st.sessionid, st.filename, "write")) if (!session_access(st.sessionid, "file", st.filename, "write"))
return response(false, "Access to path denied by ACL"); return response(false, "Access to path denied by ACL");
st.tempfd = mkstemp(tmpname); st.tempfd = mkstemp(tmpname);
@ -530,7 +530,7 @@ data_end_cb(multipart_parser *p)
{ {
if (st.parttype == PART_SESSIONID) if (st.parttype == PART_SESSIONID)
{ {
if (!session_access(st.sessionid, "upload", "write")) if (!session_access(st.sessionid, "cgi-io", "upload", "write"))
{ {
errno = EPERM; errno = EPERM;
return response(false, "Upload permission denied"); return response(false, "Upload permission denied");
@ -658,7 +658,7 @@ main_backup(int argc, char **argv)
char hostname[64] = { 0 }; char hostname[64] = { 0 };
char *fields[] = { "sessionid", NULL }; char *fields[] = { "sessionid", NULL };
if (!postdecode(fields, 1) || !session_access(fields[1], "backup", "read")) if (!postdecode(fields, 1) || !session_access(fields[1], "cgi-io", "backup", "read"))
return failure(0, "Backup permission denied"); return failure(0, "Backup permission denied");
if (pipe(fds)) if (pipe(fds))