IssamHamdi [Tue, 28 May 2024 13:58:29 +0000 (15:58 +0200)]
session: Fix crash when the UCI option 'password' or 'username' is missing
Add a check in 'ptr.o' to prevent a crash in the
'if (ptr.o->type != UCI_TYPE_STRING)' statement
when ptr.o is null. This issue occurs due to the
absence of 'password' or 'username' in the login
section of /etc/config/rpcd.
Signed-off-by: IssamHamdi <ih@simonwunderlich.de>
Justin Klaassen [Wed, 21 Feb 2024 22:49:32 +0000 (22:49 +0000)]
sys: use "Auto-Installed" field for packagelist
A change to the build scripts (openwrt/openwrt#14428) removed the "user" flag
from all installed packages in the rootfs. This caused problems for tools
like "auc" which rely on the rpcd packagelist command to determine which
packages to request when building a new image.
This change modifies the packagelist implementation to use the "Auto-Installed"
field rather than the "user" flag in order to filter dependencies from the
returned list of packages. The resulting package list is identical without
relying on the semantics of the "user" flag which is typically used to
indicate which packages have been interactively installed by the user.
Signed-off-by: Justin Klaassen <justin@tidylabs.app>
[use 'bool' instead of 'int' type for booleans]
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Thomas Weißschuh [Sun, 28 May 2023 07:02:51 +0000 (09:02 +0200)]
iwinfo: update byte counter to 64bit
This prevents overflows after 4GiB or 2GiB if the number is interpreted
as signed integer, for example in the blobmbsg json serialization.
Signed-off-by: Thomas Weißschuh <thomas@t-8ch.de>
Erik Karlsson [Mon, 29 May 2023 17:54:23 +0000 (19:54 +0200)]
file: strengthen exec access control
Do not allow setting environment variables if there is a session as
there is no access control for environment variables and allowing
arbitrary data into the environment is unsafe. Do not leak arguments
through unchecked if the size of the buffer for access checking the
whole command line is exceeded. Adjust the maximum number of allowed
arguments so it matches the actual implementation.
Signed-off-by: Erik Karlsson <erik.karlsson@genexis.eu>
Christian Marangi [Tue, 31 Jan 2023 14:45:18 +0000 (15:45 +0100)]
rc: add option to get info for a single script in list method
Add option to get info for a single script in list method.
To get info of a particular script pass the name arg to the list method.
If the script doesn't exist an empty table is returned.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Christian Marangi [Tue, 31 Jan 2023 14:40:16 +0000 (15:40 +0100)]
rc: add option to skip running check for list method
Running check may be slow and increase result time in the other of 70ms
for the list method.
Add an option to skip running check by passing the skip_running_check as
true in the list method args to speedup execution if the running info is
not needed.
With the option set to true the execution time lower to just 5ms.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Christian Marangi [Tue, 31 Jan 2023 14:32:59 +0000 (15:32 +0100)]
rc: add support for scanning USE_PROCD and skip running if not supported
Running check is supported only in procd scripts. This cause prolonged
execution time since the function needs to timeout.
To fix this check if the script USE_PROCD and run running check only if
supported.
Also provide running info only if the running check is supported.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Christian Marangi [Tue, 31 Jan 2023 14:28:17 +0000 (15:28 +0100)]
rc: fix and improve script scanning START and STOP
Currently we stop searching at the first occurence of START or STOP
entry. This is wrong since we totally miss the other data (START or
STOP) in the occurence of the other.
Fix and improve script scanning by:
- Increase the line max length to 255 char to read it in one go.
- Scan only the first 10 lines.
- Don't stop at the first occurence and try to search also for the other
data.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Andre Heider [Thu, 24 Nov 2022 17:16:51 +0000 (18:16 +0100)]
iwinfo: add "band" and "mhz" to the scan output
Providing the channel alone isn't clear as there're overlapping channels
on e.g. band 2 and 6.
Signed-off-by: Andre Heider <a.heider@gmail.com>
Andre Heider [Tue, 22 Nov 2022 10:41:13 +0000 (11:41 +0100)]
iwinfo: add "band" to the freqlist output
So that consumers don't have to fiddle around with mapping frequencies
to bands, which everyone seems to do a little differently.
Signed-off-by: Andre Heider <a.heider@gmail.com>
Christian Marangi [Fri, 21 Jan 2022 00:07:51 +0000 (01:07 +0100)]
iwinfo: add flags to freqlist output
A channel can declare restriction where it should be used only indoors
or should not be used at all.
Expose these restriction in the channel data as additional info with the
restricted info.
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
Andre Heider [Wed, 23 Nov 2022 10:32:26 +0000 (11:32 +0100)]
iwinfo: add "hwmodes_text" to the info output
This is a preformatted string like "ac/ax/b/g/n" for presentation.
Signed-off-by: Andre Heider <a.heider@gmail.com>
Andre Heider [Wed, 23 Nov 2022 10:05:51 +0000 (11:05 +0100)]
iwinfo: clean up rpc_iwinfo_call_hw_ht_mode()
There's no need to call hwmodelist() again, just pass on the earlier
result.
Signed-off-by: Andre Heider <a.heider@gmail.com>
Andre Heider [Tue, 22 Nov 2022 10:35:41 +0000 (11:35 +0100)]
iwinfo: reuse infos provided by libiwinfo
Don't hardcode bit/name pairs, instead iterate over what's known to the
library and use that instead.
This automatically adds the missing ciphers CCMP256 and GCMP256 - and any
future ones.
The only difference in the output is the order of the 'hwmodes' array.
Signed-off-by: Andre Heider <a.heider@gmail.com>
Andre Heider [Sat, 26 Nov 2022 15:15:16 +0000 (16:15 +0100)]
iwinfo: constify string map arg for rpc_iwinfo_call_int()
Fixes the build since the string maps have been constified.
Jo-Philipp Wich [Wed, 21 Sep 2022 21:10:51 +0000 (23:10 +0200)]
ucode: write ucode runtime exceptions to stderr
Write unhandled exceptions in invoked ucode method handlers to stderr in
order to simplify debugging failing scripts.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Jo-Philipp Wich [Mon, 12 Sep 2022 13:36:14 +0000 (15:36 +0200)]
ucode: pass-through `ubus_rpc_session` argument
Allow the special `ubus_rpc_session` method call argument even if it is not
specified in the policy.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Jo-Philipp Wich [Mon, 12 Sep 2022 11:44:59 +0000 (13:44 +0200)]
ucode: initialize module search path early
Ensure that the default module search path is initialized before compiling
ucode handler scripts in order to support compile time import statements.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Petr Štetiar [Wed, 24 Aug 2022 08:05:33 +0000 (10:05 +0200)]
sys: mitigate possible strncpy string truncation
gcc 10 with -O2 reports following:
In function ‘strncpy’,
inlined from ‘rpc_sys_packagelist’ at /opt/devel/openwrt/c-projects/rpcd/sys.c:244:4:
/usr/include/x86_64-linux-gnu/bits/string_fortified.h:106:10: error: ‘__builtin_strncpy’ specified bound 128 equals destination size [-Werror=stringop-truncation]
106 | return __builtin___strncpy_chk (__dest, __src, __len, __bos (__dest));
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In function ‘strncpy’,
inlined from ‘rpc_sys_packagelist’ at /opt/devel/openwrt/c-projects/rpcd/sys.c:227:4:
/usr/include/x86_64-linux-gnu/bits/string_fortified.h:106:10: error: ‘__builtin_strncpy’ specified bound 128 equals destination size [-Werror=stringop-truncation]
106 | return __builtin___strncpy_chk (__dest, __src, __len, __bos (__dest));
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Since it is not possible to avoid truncation by strncpy, it is necessary
to make sure the result of strncpy is properly NUL-terminated and the
NUL must be inserted explicitly, after strncpy has returned.
References: #10442
Reported-by: Alexey Smirnov <s.alexey@gmail.com>
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Jo-Philipp Wich [Fri, 12 Aug 2022 19:11:47 +0000 (21:11 +0200)]
ucode: parse ucode plugin scripts in raw mode, init search path
It makes little sense to execute rpcd ucode plugin scripts in template
mode since those scripts are supposed to output structured JSON data,
so change the parse config to compile scripts in raw mode.
Also initialize the default library search path which is required in
recent ucode versions.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Christian 'Ansuel' Marangi [Thu, 19 May 2022 12:45:13 +0000 (14:45 +0200)]
iwinfo: fix compilation error with GCC 12
Fix compilation error with GCC 12.
In file included from /home/ansuel/openwrt/staging_dir/target-aarch64_cortex-a53_musl/usr/include/libubus.h:23,
from iwinfo.c:21:
In function 'blobmsg_close_array',
inlined from 'rpc_iwinfo_assoclist' at iwinfo.c:643:3:
/home/ansuel/openwrt/staging_dir/target-aarch64_cortex-a53_musl/usr/include/libubox/blobmsg.h:250:9: error: 'c' may be used uninitialized [-Werror=maybe-uninitialized]
250 | blob_nest_end(buf, cookie);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~
iwinfo.c: In function 'rpc_iwinfo_assoclist':
iwinfo.c:564:15: note: 'c' was declared here
564 | void *c, *d, *e;
| ^
cc1: all warnings being treated as errors
ninja: build stopped: subcommand failed.
Signed-off-by: Christian 'Ansuel' Marangi <ansuelsmth@gmail.com>
Jo-Philipp Wich [Mon, 7 Feb 2022 08:53:04 +0000 (09:53 +0100)]
ucode: adjust to latest ucode api
The public libucode api has been revised to return and expect an
uc_program_t pointer instead of a main function reference.
The program (former main function) is also not implicitly released
by uc_vm_execute() anymore.
Adjust the ucode plugin accordingly to match the new requirements.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Jo-Philipp Wich [Thu, 2 Dec 2021 20:00:40 +0000 (21:00 +0100)]
ucode: add ucode interpreter plugin
The rpcd ucode plugin allows utilizing ucode scripts to register ubus
objects and to implement the objects method callbacks.
Upon startup, rpcd will compile and execute each ucode script in
`$INSTALL_PREFIX/share/ucode/` and register ubus proxy objects and
methods definitions according to the signature returned by the script.
Refer to examples/ucode/example-plugin.uc for details of the signature
format.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Jo-Philipp Wich [Wed, 8 Dec 2021 19:07:28 +0000 (20:07 +0100)]
treewide: adjust ubus object type names
Drop the historically inherited "luci-rpc-" prefix and replace it with a
more appropriate "rpcd-plugin-" string.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Jo-Philipp Wich [Fri, 3 Dec 2021 22:36:35 +0000 (23:36 +0100)]
build: honour CMake install prefix in hardcoded paths
Search plugins, ACL ressources and other data files relative to the compile
time CMAKE_INSTALL_PREFIX instead of hardcoding `/usr`.
Also ensure that plugin libraries are installed into the lib/rpcd subdir.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Stijn Tintel [Thu, 4 Nov 2021 12:38:01 +0000 (14:38 +0200)]
session: use blobmsg_get_u64 for RPC_DUMP_EXPIRES
We need to use blobmsg_get_u64 for RPC_DUMP_EXPIRES as this is now
BLOBMSG_TYPE_INT64.
Fixes: 20bf958bea20 ("session: use uloop_timeout_remaining64")
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Acked-by: Jo-Philipp Wich <jo@mein.io>
Stijn Tintel [Thu, 4 Nov 2021 11:00:05 +0000 (13:00 +0200)]
session: use uloop_timeout_remaining64
The uloop_timeout_remaining is being deprecated.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Acked-by: John Crispin <john@phrozen.org>
Jo-Philipp Wich [Tue, 13 Jul 2021 18:31:16 +0000 (20:31 +0200)]
session: unload rpcd configuration before checking login
Currently, rpcd cached /etc/config/rpcd once on the first login and then
keeps checking login attempts and ACL settings against the in-memory
copy until the process is restarted.
This is not desirable as we would like added, modified or removed accounts
to be effective immediately. In order to achive this behaviour, ensure to
unload the currently loaded rpcd configuration before looking up the login
account section.
Ref: https://github.com/openwrt/luci/issues/5179
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
David Bauer [Sat, 17 Apr 2021 21:42:30 +0000 (23:42 +0200)]
iwinfo: add 802.11ax HE support
Expose 802.11ax HE rate as well as HW / HT mode information. This is
required to add 802.11ax support to LuCI.
Signed-off-by: David Bauer <mail@david-bauer.net>
Daniel Golle [Wed, 10 Mar 2021 22:45:51 +0000 (22:45 +0000)]
sys: packagelist: drop ABI version from package name
Having the ABI version appended to the package name is not very helpful
when checking for updated versions of a package online or requesting
a new image for the device from an updater service. In both cases,
the ABI version could have been bumped meanwhile and that name is then
simply not found.
Resolve this by removing the appended ABI version in the output of the
rpc-sys packagelist call.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Jo-Philipp Wich [Wed, 23 Dec 2020 18:06:12 +0000 (19:06 +0100)]
uci: manually clear uci_ptr flags after uci_delete() operations
This is required to avoid potential use-after-free errors through the
uci_set()->uci_delete()->uci_expand_ptr() call chain when passing
zero-length strings as values.
Ref: https://bugs.openwrt.org/index.php?do=details&task_id=3528
Suggested-by: olegio170 <olegios170@gmail.com>
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Ansuel Smith [Wed, 6 Jan 2021 04:57:39 +0000 (05:57 +0100)]
iwinfo: include ht_operation data only if available
Check if ht_operation data are present and add them accordingly.
Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
Daniel Golle [Tue, 5 Jan 2021 22:32:45 +0000 (22:32 +0000)]
iwinfo: return hwmode 'ad' on 802.11ad-only hardware
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Daniel Golle [Tue, 5 Jan 2021 14:40:42 +0000 (14:40 +0000)]
iwinfo: add support for 802.11ad and GCMP
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Ansuel Smith [Sun, 6 Dec 2020 01:11:18 +0000 (02:11 +0100)]
iwinfo: export center channel for info ubus call
Iwinfo export the center channel sued by the wifi. Include this data in
the ubus info call to better know the channel utilizzation of the wifi.
Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
Ansuel Smith [Sun, 6 Dec 2020 01:11:17 +0000 (02:11 +0100)]
iwinfo: add ht and vht operation info to wifi scan
Iwinfo exports ht and vht operation info useful to get channel info of
nearby stations. Add these new info to ubus output.
Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
Rafał Miłecki [Fri, 11 Sep 2020 11:03:05 +0000 (13:03 +0200)]
rc: support init.d scripts with START=0
Use negative value (instead of 0) to indicate missing START.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Rafał Miłecki [Tue, 23 Jun 2020 18:46:19 +0000 (20:46 +0200)]
rc: new ubus object for handling /etc/init.d/ scripts
This commit adds "rc" ubus object with methods "list" and "exec" for
listing and calling init.d script appropriately. It's useful for all
kind of UIs (e.g. LuCI) and custom apps.
Example:
root@OpenWrt:~# ubus call rc list
{
"blockd": {
"start": 80,
"enabled": true,
"running": true
},
"dnsmasq": {
"start": 19,
"enabled": true,
"running": true
}
}
root@OpenWrt:~# ubus call rc init '{ "name": "blockd", "action": "disable" }'
root@OpenWrt:~# ubus call rc init '{ "name": "dnsmasq", "action": "stop" }'
root@OpenWrt:~# ubus call rc list
{
"blockd": {
"start": 80,
"enabled": false,
"running": true
},
"dnsmasq": {
"start": 19,
"enabled": true,
"running": false
}
}
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Acked-by: Jo-Philipp Wich <jo@mein.io>
Jo-Philipp Wich [Tue, 26 May 2020 13:49:18 +0000 (15:49 +0200)]
uci: reset uci_ptr flags when merging options during section add
Fixes: FS#3126
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Fabian Bläse [Tue, 17 Mar 2020 15:55:57 +0000 (16:55 +0100)]
session: deny access if password login is disabled
The special characters '!' and '*' in /etc/shadow are
used to disable password login for a specific account.
The character 'x' has no special meaning, but should not
be interpreted as an empty password.
However, rpcd did treat these special characters like no
password was set, which allows access even though the account
is disabled.
By removing the additional checks for these characters, the
encrypted password string is passed to crypt, which returns NULL
if the salt has an invalid format and therefore access is denied.
Fixes: FS#2634
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Daniel Danzberger [Wed, 27 Nov 2019 17:29:51 +0000 (18:29 +0100)]
iwinfo: add current hw and ht mode to info call
Signed-off-by: Daniel Danzberger <daniel@dd-wrt.com>
Jo-Philipp Wich [Tue, 10 Dec 2019 15:49:55 +0000 (16:49 +0100)]
file: extend exec acl checks to commands with arguments
When the initial exec permission check on the executable path fails,
concatenate the command line with spaces and use the resulting string
as lookup path for a second exec permission check.
This allows for exec acls similar to this example:
"file": {
"/usr/bin/program --flag --option=1 arg *": [ "exec" ]
}
The example above would allow executing `/usr/bin/program` with the
arguments `--flag`, `--option=1` and `arg` in exactly this order,
followed by any number of optional arguments as denoted by the
asterisk.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Jo-Philipp Wich [Sun, 10 Nov 2019 20:10:29 +0000 (21:10 +0100)]
plugin: avoid truncating numeric values
When parsing the JSON output of exec plugins, store integer values exceeding
32bit value limits as 64bit integer blob values.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Jo-Philipp Wich [Tue, 29 Oct 2019 11:01:36 +0000 (12:01 +0100)]
plugin: fix double free in finish callback
Fixes: 37aa919 ("plugin: fix leaking invoked method name for exec plugins")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Yousong Zhou [Mon, 21 Oct 2019 12:59:24 +0000 (12:59 +0000)]
main: exec_self: make clang analyzer happy
Prevent a theoretical leak of the args memory when the executable path
cannot be found.
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
[fix whitespace, commit description]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Yousong Zhou [Mon, 21 Oct 2019 12:59:23 +0000 (12:59 +0000)]
file: exec: properly free memory on error
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
[fix whitespace]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Yousong Zhou [Mon, 21 Oct 2019 06:10:29 +0000 (06:10 +0000)]
uci: free configs list memory on return
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
[fix whitespace]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Yousong Zhou [Mon, 21 Oct 2019 06:10:28 +0000 (06:10 +0000)]
exec: always call finish_cb to allow plugin to free up memory
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
[fix whitespace, subject typo]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Jo-Philipp Wich [Tue, 29 Oct 2019 08:04:55 +0000 (09:04 +0100)]
plugin: do not free method name separately
A previous commit changed the allocation method for the call context to
include the method name string memory directly, so we must not treat the
method member separately anymore.
Fixes: 37aa919 ("plugin: fix leaking invoked method name for exec plugins")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Yousong Zhou [Mon, 21 Oct 2019 06:10:27 +0000 (06:10 +0000)]
exec: properly free memory on rpc_exec() error
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
[fix whitespace]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Yousong Zhou [Mon, 21 Oct 2019 06:10:26 +0000 (06:10 +0000)]
plugin: exec: properly free memory on parse error
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Jo-Philipp Wich [Tue, 29 Oct 2019 07:28:17 +0000 (08:28 +0100)]
uci: reset uci_ptr flags when merging set operations
In some cases, e.g. when subsequently setting multiple empty option
values, uci_set() might free the section pointer of the given reused
uci_ptr structure without zeroing it, leading to a use-after-free on
processing subsequent options.
Avoid this issue by clearing the lookup pointer flags in order to
prevent uci_set() from incorrectly branching into a uci_delete()
operation leading to the freeing of the section member.
Ref: http://lists.infradead.org/pipermail/openwrt-devel/2019-October/019592.html
Reported-by: Daniel Danzberger <daniel@dd-wrt.com>
Suggested-by: Yousong Zhou <yszhou4tech@gmail.com>
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Jo-Philipp Wich [Thu, 17 Oct 2019 09:50:39 +0000 (11:50 +0200)]
plugin: fix leaking invoked method name for exec plugins
The invoked method name was separately duplicated from the call_context
structure. The structure itself is eventually freed by rpc_exec_reply()
but the method string it points to is lost after that.
Use calloc_a() instead to allocate the string copy buffer together with
the context structure, to ensure that all involved memory is freed.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Jo-Philipp Wich [Sat, 21 Sep 2019 12:56:39 +0000 (14:56 +0200)]
file: increase minimum read buffer size to 4096 bytes
Some sysfs or proc files contain more than 128 byte of data, e.g. the
/proc/filesystems or /proc/mounts files.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Jo-Philipp Wich [Mon, 9 Sep 2019 10:44:51 +0000 (12:44 +0200)]
iwinfo: add WPA3 support
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Jo-Philipp Wich [Sun, 8 Sep 2019 14:41:53 +0000 (16:41 +0200)]
file: refactor message parsing and permission checking
Refactor rpc_check_path() and wrap it with a macro to allow passing
different policies and permission names.
This allows using the function for non-read operations and simplifies
the message parsing code there.
Also change the stat and list methods to require "list" instead of
"read" permissions which is useful to allow browing the filesystem
without allowing read access to all files.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Jo-Philipp Wich [Wed, 4 Sep 2019 13:47:44 +0000 (15:47 +0200)]
iwinfo: expose all rate info fields in assoclist reply
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Jo-Philipp Wich [Wed, 4 Sep 2019 13:50:34 +0000 (15:50 +0200)]
sys: fix symbol redeclaration
Fixes: 27c24c7 ("rpcd: sys: actually move timespec declaration")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Jo-Philipp Wich [Tue, 3 Sep 2019 09:36:31 +0000 (11:36 +0200)]
rpcd: sys: actually move timespec declaration
Move the timespec declaration to the function header, as mentioned in
commit "rpcd: Switch to nanosleep".
Fixes: 604db20 ("rpcd: Switch to nanosleep")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Jo-Philipp Wich [Tue, 3 Sep 2019 06:18:39 +0000 (08:18 +0200)]
file: add remove operation
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Rosen Penev [Thu, 18 Jul 2019 17:54:44 +0000 (10:54 -0700)]
rpcd: Switch to nanosleep
usleep has been deprecated by POSIX.1-2001 and removed in POSIX.1-2008.
Fixes compilation when libc does not include usleep (optional with
uClibc-ng).
nanosleep also has the advantage of being more accurate.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
[move timespec definition to the top of the function]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Jo-Philipp Wich [Sun, 1 Sep 2019 16:05:19 +0000 (18:05 +0200)]
file: add path based read/write/exec ACL checks
Introduce ACL checks to verify that the requested path may be read, written
or executed. This allows to restrict ubus file commands to specific paths.
To setup the required ACLs, the following ubus command may be used
on the command line:
ubus call session grant '{
"ubus_rpc_session": "
d41d8cd98f00b204e9800998ecf8427e",
"scope": "file",
"objects": [
[ "/etc", "read" ],
[ "/etc/*", "write" ],
[ "/sbin/sysupgrade", "exec" ]
]
}'
The "read", "list", "stat" and "md5" procedures require "read" permissions,
the "write" procedure requires "write" permission and the "exec" procedure
requires "exec" permissions.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Jo-Philipp Wich [Sun, 1 Sep 2019 15:23:41 +0000 (17:23 +0200)]
file: add stat() information to directory listings
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Petr Štetiar [Tue, 5 Jun 2018 07:41:25 +0000 (09:41 +0200)]
Fix possible linker errors by using CMake find_library macro
Fixes following errors while compiling natively on x86:
cc -fPIC -shared -o rpcsys.so sys.c.o -lubox -lubus
ld: cannot find -lubox
ld: cannot find -lubus
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Jo-Philipp Wich [Wed, 22 May 2019 12:25:52 +0000 (14:25 +0200)]
session: handle NULL return values of crypt()
The crypt() function may return NULL with errno ENOSYS when an attempt
was made to crypt the plaintext password using a salt requesting an
unsupported cipher.
Avoid triggering segmentation faults in the subsequent strcmp() operation
by checking for a non-NULL hash value.
Fixes: FS#2291
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Daniel Danzberger [Mon, 18 Feb 2019 21:35:07 +0000 (22:35 +0100)]
iwinfo: add mesh infos in assoclist.
Signed-off-by: Daniel Danzberger <daniel@dd-wrt.com>
Daniel Danzberger [Mon, 18 Feb 2019 21:35:06 +0000 (22:35 +0100)]
iwinfo: add survey.
Signed-off-by: Daniel Danzberger <daniel@dd-wrt.com>
Daniel Danzberger [Mon, 18 Feb 2019 21:35:05 +0000 (22:35 +0100)]
iwinfo: show more stats from assoclist.
Signed-off-by: Daniel Danzberger <daniel@dd-wrt.com>
Jo-Philipp Wich [Fri, 21 Dec 2018 08:30:19 +0000 (09:30 +0100)]
file: avoid closing stdio descriptors in rpc_file_exec_run
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Jo-Philipp Wich [Fri, 21 Dec 2018 08:09:55 +0000 (09:09 +0100)]
file: patch process stdin to /dev/null
This prevents broken pipe errors in executed child processes that
attempt to access stdin.
Suggested-by: Vytautas Virvičius <vy.virvicius@gmail.com>
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Jo-Philipp Wich [Fri, 21 Dec 2018 08:00:48 +0000 (09:00 +0100)]
file: remove unused members from struct rpc_file_exec_context
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Jo-Philipp Wich [Fri, 21 Dec 2018 07:50:36 +0000 (08:50 +0100)]
file: rpc_file_exec_run: fix potential memory leak and integer overflow
- Store the realloc result in a separate pointer so that we can free
the original on allocation failure
- Use an explicit uint8_t for the argument vector length instead of
"char" which might be signed or unsigned, depending on the arch
- Bail out with an invalid argument error if the argument vector
exceeds 255 items
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Jo-Philipp Wich [Wed, 28 Nov 2018 11:12:04 +0000 (12:12 +0100)]
file: access exec timeout via daemon ops structure
Since the plugin is not linked, but dlopen()'d with RTLD_LOCAL, we cannot
access global rpcd variables but need to access them via the common ops
structure symbol.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Jo-Philipp Wich [Wed, 28 Nov 2018 11:09:35 +0000 (12:09 +0100)]
plugin: store pointer to exec timeout value in the ops structure
This is required for plugins that need access to the configured execution
timeout. The global variable cannot be used as-is since we dlopen() with
RTLD_LOCAL.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Jo-Philipp Wich [Wed, 28 Nov 2018 11:07:58 +0000 (12:07 +0100)]
treewide: rename exec_timeout to rpc_exec_timeout
Rename the extern int to denote a global symbol.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Jo-Philipp Wich [Thu, 22 Nov 2018 15:25:39 +0000 (16:25 +0100)]
main: fix logic bug when not specifying a timeout option
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Jo-Philipp Wich [Thu, 22 Nov 2018 13:07:37 +0000 (14:07 +0100)]
file: use global exec timeout instead of own hardcoded limit
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Jo-Philipp Wich [Thu, 22 Nov 2018 13:04:45 +0000 (14:04 +0100)]
exec: increase maximum execution time to 120s
Increase the maximum possible execution time to 120 seconds and add a new
command line flag `-t` which allows overwriting the default value.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Jo-Philipp Wich [Wed, 8 Aug 2018 21:28:34 +0000 (23:28 +0200)]
uci: tighten uci reorder operation error handling
- Return UBUS_STATUS_INVALID_ARGUMENT for invalid section names
- Return UBUS_STATUS_NOT_FOUND if a section name could not be resolved
Jo-Philipp Wich [Wed, 8 Aug 2018 20:53:21 +0000 (22:53 +0200)]
uci: tighten uci delete operation error handling
- Return UBUS_STATUS_NOT_FOUND if no object could be resolved for delete
- Return UBUS_STATUS_INVALID_ARGUMENT for invalid section names or types
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Jo-Philipp Wich [Wed, 8 Aug 2018 20:43:57 +0000 (22:43 +0200)]
uci: tighten uci set operation error handling
- Return UBUS_STATUS_NOT_FOUND if no section could be resolved for set
- Return UBUS_STATUS_INVALID_ARGUMENT if unserializable values are found
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Jo-Philipp Wich [Wed, 8 Aug 2018 21:55:07 +0000 (23:55 +0200)]
uci: tighten uci add operation error handling
- Return UBUS_STATUS_INVALID_ARGUMENT for invalid section or option names
- Return UBUS_STATUS_NOT_FOUND if a section name could not be resolved
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Jo-Philipp Wich [Wed, 8 Aug 2018 16:14:30 +0000 (18:14 +0200)]
uci: reject invalid section and option names
The invoked libuci functions do not reliably check their arguments, causing
malformed section and option names to end up in the delta file, letting the
uci cli and other components to segfault when processung such invalid
entries.
In order to prevent that, manually test received values before passing them
on to libuci.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Jo-Philipp Wich [Sun, 13 May 2018 19:13:05 +0000 (21:13 +0200)]
uci: fix memory leak in rpc_uci_replace_savedir()
The rpc_uci_replace_savedir() function did not take into account that libuci
uci_set_savedir() does an additional implicit uci_strdup() of the directory
path string when appending a new delta directory item.
Due to this oversight, only the struct uci_element items got freed, but not
the duplicated path string, leading to leaking memory when invoking the uci
api with session id argument.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Jo-Philipp Wich [Tue, 8 May 2018 18:43:00 +0000 (20:43 +0200)]
exec: close stdout and stderr streams on child signal
This prevents timing out ubus call when the child invokes further detached
childs inheriting stdio descriptors.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Jo-Philipp Wich [Thu, 15 Mar 2018 23:42:18 +0000 (00:42 +0100)]
uci: use correct sort index when reordering sections
When reordering, the section indexes must be 0-based while the current
implementation incorrectly numbers starting with 1.
Fix this by start numbering ther sections with index 0.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Jo-Philipp Wich [Thu, 19 Apr 2018 13:13:25 +0000 (15:13 +0200)]
uci: fix memory leak in rpc_uci_apply_timeout()
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Jo-Philipp Wich [Thu, 19 Apr 2018 12:02:30 +0000 (14:02 +0200)]
uci: switch to proper save directory on apply/rollback
The existing code failed to set the uci cursor save directory to the current
session path, causing the apply routine to either fail or to merge settings
from unrelated neighboring sessions, potentially leaking data.
Solve the issue by switching the uci cursor save directory to the session
directory before performing the actual apply actions.
Additionally set the save directory path to "/dev/null" during rollback, to
avoid merging unrelated system wide uci changes when restoring configs from
the snapshot directory.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Jo-Philipp Wich [Thu, 19 Apr 2018 11:54:40 +0000 (13:54 +0200)]
uci: add rpc_uci_replace_savedir() helper
The rpc_uci_replace_savedir() function removes all configured save directories
from the uci cursor instance and adds the given path argument as sole item.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Jo-Philipp Wich [Thu, 15 Mar 2018 11:22:34 +0000 (12:22 +0100)]
session: ignore non-string username attribute upon restore
When restoring session information from blob data, only consider the
embedded username attribute if it is a string value.
Other types may cause invalid memory accesses when attempting to strcmp()
the attribute value.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Jo-Philipp Wich [Thu, 15 Mar 2018 10:22:47 +0000 (11:22 +0100)]
session: support reclaiming pending apply session
Reclaim the pending apply session upon login when the username matches the
current login.
This is required to support apply-confirm-rollback workflow for ubus browser
clients, since changing IPs requires re-login to the device due to cross
domain restrictions.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Jo-Philipp Wich [Thu, 15 Mar 2018 11:05:31 +0000 (12:05 +0100)]
session: remove redundant key attribute to rpc_session_set()
The given const char *key was used to look up the blob attribute, while
the blob attributes internal name was used to store it in the avl tree.
This leads to confusion and potential memory leaks when the given key name
does not match the blob attributes internal name.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Jo-Philipp Wich [Thu, 15 Mar 2018 10:46:54 +0000 (11:46 +0100)]
uci: fix session delta isolation
The libuci `uci_set_savedir()` function does not replace, but appends the
requested delta directory to the search path, this causes information leaks
between sessions.
Due to a lack of an official api for this, clear the uci contexts private
delta path before setting the save directory.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Daniel Golle [Thu, 30 Nov 2017 16:41:28 +0000 (17:41 +0100)]
sys: packagelist: allow listing all packages
Introduce optional boolean attribute 'all' to allow listing all
installed packages instead of only the user-selected ones.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Roman Yeryomin [Sun, 26 Nov 2017 17:14:22 +0000 (19:14 +0200)]
sys: fix passwd path
Signed-off-by: Roman Yeryomin <roman@advem.lv>
Daniel Golle [Sun, 12 Nov 2017 20:41:05 +0000 (21:41 +0100)]
sys: fix memory leak in packagelist
Fixes commit
4e483312b0.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Daniel Golle [Sun, 12 Nov 2017 16:25:18 +0000 (17:25 +0100)]
sys: add packagelist method
Add method to list installed software packages directly from
/usr/lib/opkg/status (ie. no need to have opkg installed).
ubus call rpc-sys packagelist
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Rafał Miłecki [Thu, 9 Nov 2017 14:08:16 +0000 (15:08 +0100)]
plugin: use RTLD_LOCAL instead of RTLD_GLOBAL when loading library
RTLD_GLOBAL was used to allow plugins use each other symbols but this
facility was (most likely) never used and is a bad design anyway. If
there is a common code it should just go to a library.
Using RTLD_LOCAL on the other hand saves us from conflicting symbols
used by different plugins. An example can be iwinfo plugin using libnl.
If there appears to be another plugin using incompatible netlink
implementation this will result in a problem. Both plugins will start
using the same libnl which will break one of them.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Acked-by: Jo-Philipp Wich <jo@mein.io>
Florian Fainelli [Sat, 3 Dec 2016 17:34:44 +0000 (09:34 -0800)]
cmake: Find libubox/blobmsg_json.h
Add a CMake FIND_PATH and INCLUDE_DIRECTORIES searching for blobmsg_json.h.
Some external toolchains which do not include standard locations would fail to
find the header otherwise.
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Florian Fainelli [Sat, 3 Dec 2016 17:34:45 +0000 (09:34 -0800)]
sys: Check return values of chdir and write
Fixes the following warnings:
rpcd/sys.c: In function 'rpc_cgi_password_set':
rpcd/sys.c:116:8: error: ignoring return value of 'chdir', declared with attribute warn_unused_result [-Werror=unused-result]
chdir("/");
^
rpcd/sys.c:125:8: error: ignoring return value of 'write', declared with attribute warn_unused_result [-Werror=unused-result]
write(fds[1], blobmsg_data(tb[RPC_P_PASSWORD]),
^
rpcd/sys.c:127:8: error: ignoring return value of 'write', declared with attribute warn_unused_result [-Werror=unused-result]
write(fds[1], "\n", 1);
^
rpcd/sys.c:131:8: error: ignoring return value of 'write', declared with attribute warn_unused_result [-Werror=unused-result]
write(fds[1], blobmsg_data(tb[RPC_P_PASSWORD]),
^
rpcd/sys.c:133:8: error: ignoring return value of 'write', declared with attribute warn_unused_result [-Werror=unused-result]
write(fds[1], "\n", 1);
^
cc1: all warnings being treated as errors
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>