From b0ad324eda9f5ba0405b4707aee229eefd1569a8 Mon Sep 17 00:00:00 2001
From: Jo-Philipp Wich
Date: Fri, 13 Sep 2019 06:52:21 +0200
Subject: [PATCH] cgi-io: use different acl scopes for path and command permissions
Use the `cgi-io` scope to check for permission to execute the requested command (`upload`, `backup`) and the `file` scope to check path permissions. The reasoning of this change is that `cgi-io` is usually used in conjunction with `rpcd-mod-file` to transfer large file data out of band and `rpcd-mod-file` already uses the `file` scope to manage file path access permissions. After this change, both `rpc-mod-file` and `cgi-io` can share the same path acl rules. Write access to a path can be granted by using an ubus call in the following form:
ubus call session grant '{ "ubus_rpc_session": "...", "scope": "file", "objects": [ [ "/var/lib/uploads/*", "write" ] ] }'
Signed-off-by: Jo-Philipp Wich
---
 Makefile | 4 ++--
 src/main.c | 10 +++++-----
 2 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/Makefile b/Makefile
index 4c47257..4b2d664 100644
--- a/Makefile
+++ b/Makefile
@@ -8,7 +8,7 @@ include $(TOPDIR)/rules.mk
 PKG_NAME:=cgi-io
-PKG_RELEASE:=8
+PKG_RELEASE:=9
 PKG_LICENSE:=GPL-2.0-or-later
@@ -37,7 +37,7 @@ endef
 define Package/cgi-io/install
 $(INSTALL_DIR) $(1)/usr/libexec $(1)/www/cgi-bin/
 $(INSTALL_BIN) $(PKG_BUILD_DIR)/cgi-io $(1)/usr/libexec
- $(LN) ../../usr/libexec/cgi-io $(1)/www/cgi-bin/cgi-upload
+ $(LN) ../../usr/libexec/cgi-io $(1)/www/cgi-bin/cgi-upload
 $(LN) ../../usr/libexec/cgi-io $(1)/www/cgi-bin/cgi-backup
 endef
diff --git a/src/main.c b/src/main.c
index a6ded06..44a5205 100644
--- a/src/main.c
+++ b/src/main.c
@@ -89,7 +89,7 @@ session_access_cb(struct ubus_request *req, int type, struct blob_attr *msg)
 }
 static bool
-session_access(const char *sid, const char *scope, const char *obj, const char *func)
+session_access(const char *sid, const char *scope, const char *obj, const char *func)
 {
 uint32_t id;
 bool allow = false;
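Review bot: The new `session_access()` signature in the `@@ -89` hunk takes four consecutive `const char *` arguments and has no comment saying which is which, so a call that swaps `scope` and `obj` compiles cleanly and silently queries the wrong ACL scope. I would add a short comment above the definition, for example `/* Returns true if session sid is granted func on obj within ACL scope; scope is "cgi-io" for commands and "file" for paths. */`. The function body continues outside this hunk, so the wording about the return value should be checked against the rest of it.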
@@ -103,7 +103,7 @@ session_access(const char *sid, const char *obj, const char *func)
 blob_buf_init(&req, 0);
 blobmsg_add_string(&req, "ubus_rpc_session", sid);
- blobmsg_add_string(&req, "scope", "cgi-io");
+ blobmsg_add_string(&req, "scope", scope);
 blobmsg_add_string(&req, "object", obj);
 blobmsg_add_string(&req, "function", func);
@@ -475,7 +475,7 @@ data_begin_cb(multipart_parser *p)
 if (!st.filename)
 return response(false, "File data without name");
- if (!session_access(st.sessionid, st.filename, "write"))
+ if (!session_access(st.sessionid, "file", st.filename, "write"))
 return response(false, "Access to path denied by ACL");
 st.tempfd = mkstemp(tmpname);
@@ -530,7 +530,7 @@ data_end_cb(multipart_parser *p)
 {
 if (st.parttype == PART_SESSIONID)
 {
- if (!session_access(st.sessionid, "upload", "write"))
+ if (!session_access(st.sessionid, "cgi-io", "upload", "write"))
 {
 errno = EPERM;
 return response(false, "Upload permission denied");
@@ -658,7 +658,7 @@ main_backup(int argc, char **argv)
 char hostname[64] = { 0 };
 char *fields[] = { "sessionid", NULL };
- if (!postdecode(fields, 1) || !session_access(fields[1], "backup", "read"))
+ if (!postdecode(fields, 1) || !session_access(fields[1], "cgi-io", "backup", "read"))
 return failure(0, "Backup permission denied");
 if (pipe(fds))
--
2.30.2
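Review bot: In the `data_begin_cb` hunk (`@@ -475`), `st.filename` is handed to the `file`-scope check exactly as the client supplied it, and nothing visible here normalises it first. With a wildcard grant such as the `/var/lib/uploads/*` example in the commit message, the ACL may be matched against the literal spelling of the name while the later file operation acts on wherever that name resolves, for instance when it contains `..` components or crosses a symlink. Where `st.filename` is set and how the write is performed lie outside this hunk, so please confirm whether the path is canonicalised before this call. If it is not, resolve it once and use the resolved form both in `session_access(st.sessionid, "file", ...)` and in the subsequent write, so the decision and the operation refer to the same location. This matters more now that the rules are shared with `rpcd-mod-file`, since both consumers need to interpret a pattern identically.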