cgi-io: use different acl scopes for path and command permissions

Use the `cgi-io` scope to check for permission to execute the requested command (`upload`, `backup`) and the `file` scope to check path permissions. The reasoning of this change is that `cgi-io` is usually used in conjunction with `rpcd-mod-file` to transfer large file data out of band and `rpcd-mod-file` already uses the `file` scope to manage file path access permissions. After this change, both `rpc-mod-file` and `cgi-io` can share the same path acl rules. Write access to a path can be granted by using an ubus call in the following form: ubus call session grant '{ "ubus_rpc_session": "...", "scope": "file", "objects": [ [ "/var/lib/uploads/*", "write" ] ] }' Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-09-13 06:52:21 +02:00 · 2019-09-13 06:52:21 +02:00 · c8a86c8c8e
commit c8a86c8c8e
parent a1057cea1f
2 changed files with 7 additions and 7 deletions
--- a/net/cgi-io/Makefile
+++ b/net/cgi-io/Makefile
@ -8,7 +8,7 @@
 include $(TOPDIR)/rules.mk
 PKG_NAME:=cgi-io
-PKG_RELEASE:=8
+PKG_RELEASE:=9
 PKG_LICENSE:=GPL-2.0-or-later
@ -37,7 +37,7 @@ endef
 define Package/cgi-io/install
 	$(INSTALL_DIR) $(1)/usr/libexec $(1)/www/cgi-bin/
 	$(INSTALL_BIN) $(PKG_BUILD_DIR)/cgi-io $(1)/usr/libexec
-	$(LN) ../../usr/libexec/cgi-io $(1)/www/cgi-bin/cgi-upload 
+	$(LN) ../../usr/libexec/cgi-io $(1)/www/cgi-bin/cgi-upload
 	$(LN) ../../usr/libexec/cgi-io $(1)/www/cgi-bin/cgi-backup
 endef
--- a/net/cgi-io/src/main.c
+++ b/net/cgi-io/src/main.c
@ -89,7 +89,7 @@ session_access_cb(struct ubus_request *req, int type, struct blob_attr *msg)
 }
 static bool
-session_access(const char *sid, const char *obj, const char *func)
+session_access(const char *sid, const char *scope, const char *obj, const char *func)
 {
 	uint32_t id;
 	bool allow = false;
@ -103,7 +103,7 @@ session_access(const char *sid, const char *obj, const char *func)
 	blob_buf_init(&req, 0);
 	blobmsg_add_string(&req, "ubus_rpc_session", sid);
-	blobmsg_add_string(&req, "scope", "cgi-io");
+	blobmsg_add_string(&req, "scope", scope);
 	blobmsg_add_string(&req, "object", obj);
 	blobmsg_add_string(&req, "function", func);
@ -475,7 +475,7 @@ data_begin_cb(multipart_parser *p)
 		if (!st.filename)
 			return response(false, "File data without name");
-		if (!session_access(st.sessionid, st.filename, "write"))
+		if (!session_access(st.sessionid, "file", st.filename, "write"))
 			return response(false, "Access to path denied by ACL");
 		st.tempfd = mkstemp(tmpname);
@ -530,7 +530,7 @@ data_end_cb(multipart_parser *p)
 {
 	if (st.parttype == PART_SESSIONID)
 	{
-		if (!session_access(st.sessionid, "upload", "write"))
+		if (!session_access(st.sessionid, "cgi-io", "upload", "write"))
 		{
 			errno = EPERM;
 			return response(false, "Upload permission denied");
@ -658,7 +658,7 @@ main_backup(int argc, char **argv)
 	char hostname[64] = { 0 };
 	char *fields[] = { "sessionid", NULL };
-	if (!postdecode(fields, 1) || !session_access(fields[1], "backup", "read"))
+	if (!postdecode(fields, 1) || !session_access(fields[1], "cgi-io", "backup", "read"))
 		return failure(0, "Backup permission denied");
 	if (pipe(fds))