cgi-io: use different acl scopes for path and command permissions

Use the `cgi-io` scope to check for permission to execute the requested
command (`upload`, `backup`) and the `file` scope to check path
permissions.

The reasoning of this change is that `cgi-io` is usually used in
conjunction with `rpcd-mod-file` to transfer large file data out
of band and `rpcd-mod-file` already uses the `file` scope to manage
file path access permissions. After this change, both `rpc-mod-file`
and `cgi-io` can share the same path acl rules.

Write access to a path can be granted by using an ubus call in the
following form:

    ubus call session grant '{
        "ubus_rpc_session": "...",
        "scope": "file",
        "objects": [
            [ "/var/lib/uploads/*", "write" ]
        ]
    }'

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit c8a86c8c8e1925eb7d84c52e702c4be5fc8ac76b)

diff --git a/net/cgi-io/Makefile b/net/cgi-io/Makefile
index 3a4fc565f978d3e0e57659097c8efb0b3d231f7e..4b2d664af9638f08d35a274741923f0904f4a3fc 100644 (file)
--- a/net/cgi-io/Makefile
+++ b/net/cgi-io/Makefile
@@ -8,7 +8,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=cgi-io
-PKG_RELEASE:=7
+PKG_RELEASE:=9
 
 PKG_LICENSE:=GPL-2.0-or-later
 

diff --git a/net/cgi-io/src/main.c b/net/cgi-io/src/main.c
index a6ded065f426d81362c953cf893319edf9368b17..44a520576028ef722829681528de17017474539a 100644 (file)
--- a/net/cgi-io/src/main.c
+++ b/net/cgi-io/src/main.c
@@ -89,7 +89,7 @@ session_access_cb(struct ubus_request *req, int type, struct blob_attr *msg)
 }
 
 static bool
-session_access(const char *sid, const char *obj, const char *func)
+session_access(const char *sid, const char *scope, const char *obj, const char *func)
 {
        uint32_t id;
        bool allow = false;
@@ -103,7 +103,7 @@ session_access(const char *sid, const char *obj, const char *func)
 
        blob_buf_init(&req, 0);
        blobmsg_add_string(&req, "ubus_rpc_session", sid);
-       blobmsg_add_string(&req, "scope", "cgi-io");
+       blobmsg_add_string(&req, "scope", scope);
        blobmsg_add_string(&req, "object", obj);
        blobmsg_add_string(&req, "function", func);
 
@@ -475,7 +475,7 @@ data_begin_cb(multipart_parser *p)
                if (!st.filename)
                        return response(false, "File data without name");
 
-               if (!session_access(st.sessionid, st.filename, "write"))
+               if (!session_access(st.sessionid, "file", st.filename, "write"))
                        return response(false, "Access to path denied by ACL");
 
                st.tempfd = mkstemp(tmpname);
@@ -530,7 +530,7 @@ data_end_cb(multipart_parser *p)
 {
        if (st.parttype == PART_SESSIONID)
        {
-               if (!session_access(st.sessionid, "upload", "write"))
+               if (!session_access(st.sessionid, "cgi-io", "upload", "write"))
                {
                        errno = EPERM;
                        return response(false, "Upload permission denied");
@@ -658,7 +658,7 @@ main_backup(int argc, char **argv)
        char hostname[64] = { 0 };
        char *fields[] = { "sessionid", NULL };
 
-       if (!postdecode(fields, 1) || !session_access(fields[1], "backup", "read"))
+       if (!postdecode(fields, 1) || !session_access(fields[1], "cgi-io", "backup", "read"))
                return failure(0, "Backup permission denied");
 
        if (pipe(fds))