luci-base: properly handle ubus connections for non-root (#570, #571)
author Jo-Philipp Wich <jow@openwrt.org>
Wed, 9 Dec 2015 19:32:12 +0000 (20:32 +0100)
committer Jo-Philipp Wich <jow@openwrt.org>
Mon, 11 Jan 2016 14:21:46 +0000 (15:21 +0100)
Instead of relying on the connect-before-setuid hack, ship a proper
acl definition file whitelisting the procedures that LuCI requires
on its non-root pages.

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
modules/luci-base/luasrc/dispatcher.lua
modules/luci-base/root/usr/share/acl.d/luci-base.json [new file with mode: 0644]

index cd5d77a12b9237134d66be1e1d6174d03efdd01a..2fbc2c96f5f5f338e312ac9ff7b157d9c37c75e6 100644 (file)
@@ -402,9 +402,6 @@ function dispatch(request)
        end
 
        if track.setuser then
-               -- trigger ubus connection before dropping root privs
-               util.ubus()
-
                sys.process.setuser(track.setuser)
        end
 
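Review bot: In the `if track.setuser then` branch, the ubus connection is now opened only after `sys.process.setuser(track.setuser)`, so it runs under whatever account `track.setuser` names, while the ACL file added in this commit covers only "nobody". A node that sets `setuser` to any other account would get a ubus connection with no matching ACL. Consider either documenting that "nobody" is the only supported value or leaving a short comment here, in place of the removed one, that points at `acl.d/luci-base.json` as the file that has to list the account. The return value of `sys.process.setuser(...)` is also not checked in the visible lines; if the privilege drop fails, the request carries on, so it would be worth failing the dispatch in that case.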
diff --git a/modules/luci-base/root/usr/share/acl.d/luci-base.json b/modules/luci-base/root/usr/share/acl.d/luci-base.json
new file mode 100644 (file)
index 0000000..4d58236
--- /dev/null
@@ -0,0 +1,8 @@
+{
+       "user": "nobody",
+       "access": {
+               "system": {
+                       "methods": [ "board", "info" ]
+               }
+       }
+}
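Review bot: The grant is keyed on `"user": "nobody"`, so it applies to every process on the device running as nobody, not only to LuCI's non-root pages. Restricting it to the `system` object with just `board` and `info` keeps that exposure small, but since the JSON file cannot carry comments, the commit message should say which pages need each of the two methods, so that later additions to the `methods` list are checked against an actual requirement instead of being appended by default.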