Jo-Philipp Wich [Fri, 21 Dec 2018 07:50:36 +0000 (08:50 +0100)]
file: rpc_file_exec_run: fix potential memory leak and integer overflow
- Store the realloc result in a separate pointer so that we can free
the original on allocation failure
- Use an explicit uint8_t for the argument vector length instead of
"char" which might be signed or unsigned, depending on the arch
- Bail out with an invalid argument error if the argument vector
exceeds 255 items
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit
e5243c16eb214d2f6a2008ca4f15c4eb3ec6682c)
Jo-Philipp Wich [Tue, 29 Oct 2019 11:01:36 +0000 (12:01 +0100)]
plugin: fix double free in finish callback
Fixes:
37aa919 ("plugin: fix leaking invoked method name for exec plugins")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit
d442d62dea8d7c5f9bb58f1be257230a469f343f)
Jo-Philipp Wich [Tue, 29 Oct 2019 08:04:55 +0000 (09:04 +0100)]
plugin: do not free method name separately
A previous commit changed the allocation method for the call context to
include the method name string memory directly, so we must not treat the
method member separately anymore.
Fixes:
37aa919 ("plugin: fix leaking invoked method name for exec plugins")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit
ca3e2d5e70f188cc73a9bd1dadd3dcf2603bdba7)
Yousong Zhou [Mon, 21 Oct 2019 06:10:27 +0000 (06:10 +0000)]
exec: properly free memory on rpc_exec() error
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
[fix whitespace]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit
02c6e1d08c9abfebae050ebeab5766935e849dc2)
Yousong Zhou [Mon, 21 Oct 2019 06:10:26 +0000 (06:10 +0000)]
plugin: exec: properly free memory on parse error
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
(cherry picked from commit
cc502635046a2015d07fab5a21edbda7b7b98f38)
Jo-Philipp Wich [Thu, 17 Oct 2019 09:50:39 +0000 (11:50 +0200)]
plugin: fix leaking invoked method name for exec plugins
The invoked method name was separately duplicated from the call_context
structure. The structure itself is eventually freed by rpc_exec_reply()
but the method string it points to is lost after that.
Use calloc_a() instead to allocate the string copy buffer together with
the context structure, to ensure that all involved memory is freed.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit
37aa9196b603769ffbff4d0c58f76259a3791384)
Fabian Bläse [Tue, 17 Mar 2020 15:55:57 +0000 (16:55 +0100)]
session: deny access if password login is disabled
The special characters '!' and '*' in /etc/shadow are
used to disable password login for a specific account.
The character 'x' has no special meaning, but should not
be interpreted as an empty password.
However, rpcd did treat these special characters like no
password was set, which allows access even though the account
is disabled.
By removing the additional checks for these characters, the
encrypted password string is passed to crypt, which returns NULL
if the salt has an invalid format and therefore access is denied.
Fixes: FS#2634
Signed-off-by: Fabian Bläse <fabian@blaese.de>
(cherry picked from commit
3df62bcebd2caff47506ccffb42df8d2d2123c06)
Jo-Philipp Wich [Tue, 26 May 2020 13:49:18 +0000 (15:49 +0200)]
uci: reset uci_ptr flags when merging options during section add
Fixes: FS#3126
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit
078bb57e0769c987c05244abe1f7d8d53e0e323e)
Yousong Zhou [Mon, 21 Oct 2019 06:10:29 +0000 (06:10 +0000)]
uci: free configs list memory on return
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
[fix whitespace]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit
9ecfada16d7ad5ae942e6c0e65e1b9d7e89e21df)
Jo-Philipp Wich [Tue, 29 Oct 2019 07:28:17 +0000 (08:28 +0100)]
uci: reset uci_ptr flags when merging set operations
In some cases, e.g. when subsequently setting multiple empty option
values, uci_set() might free the section pointer of the given reused
uci_ptr structure without zeroing it, leading to a use-after-free on
processing subsequent options.
Avoid this issue by clearing the lookup pointer flags in order to
prevent uci_set() from incorrectly branching into a uci_delete()
operation leading to the freeing of the section member.
Ref: http://lists.infradead.org/pipermail/openwrt-devel/2019-October/019592.html
Reported-by: Daniel Danzberger <daniel@dd-wrt.com>
Suggested-by: Yousong Zhou <yszhou4tech@gmail.com>
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
(cherry picked from commit
bd0ed2521476c3e5b6c1a0e0bd2c386ea809d74b)
Jo-Philipp Wich [Wed, 28 Nov 2018 11:12:04 +0000 (12:12 +0100)]
file: access exec timeout via daemon ops structure
Since the plugin is not linked, but dlopen()'d with RTLD_LOCAL, we cannot
access global rpcd variables but need to access them via the common ops
structure symbol.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Jo-Philipp Wich [Wed, 28 Nov 2018 11:09:35 +0000 (12:09 +0100)]
plugin: store pointer to exec timeout value in the ops structure
This is required for plugins that need access to the configured execution
timeout. The global variable cannot be used as-is since we dlopen() with
RTLD_LOCAL.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Jo-Philipp Wich [Wed, 28 Nov 2018 11:07:58 +0000 (12:07 +0100)]
treewide: rename exec_timeout to rpc_exec_timeout
Rename the extern int to denote a global symbol.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Jo-Philipp Wich [Thu, 22 Nov 2018 15:25:39 +0000 (16:25 +0100)]
main: fix logic bug when not specifying a timeout option
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Jo-Philipp Wich [Thu, 22 Nov 2018 13:07:37 +0000 (14:07 +0100)]
file: use global exec timeout instead of own hardcoded limit
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Jo-Philipp Wich [Thu, 22 Nov 2018 13:04:45 +0000 (14:04 +0100)]
exec: increase maximum execution time to 120s
Increase the maximum possible execution time to 120 seconds and add a new
command line flag `-t` which allows overwriting the default value.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Jo-Philipp Wich [Wed, 8 Aug 2018 21:28:34 +0000 (23:28 +0200)]
uci: tighten uci reorder operation error handling
- Return UBUS_STATUS_INVALID_ARGUMENT for invalid section names
- Return UBUS_STATUS_NOT_FOUND if a section name could not be resolved
Jo-Philipp Wich [Wed, 8 Aug 2018 20:53:21 +0000 (22:53 +0200)]
uci: tighten uci delete operation error handling
- Return UBUS_STATUS_NOT_FOUND if no object could be resolved for delete
- Return UBUS_STATUS_INVALID_ARGUMENT for invalid section names or types
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Jo-Philipp Wich [Wed, 8 Aug 2018 20:43:57 +0000 (22:43 +0200)]
uci: tighten uci set operation error handling
- Return UBUS_STATUS_NOT_FOUND if no section could be resolved for set
- Return UBUS_STATUS_INVALID_ARGUMENT if unserializable values are found
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Jo-Philipp Wich [Wed, 8 Aug 2018 21:55:07 +0000 (23:55 +0200)]
uci: tighten uci add operation error handling
- Return UBUS_STATUS_INVALID_ARGUMENT for invalid section or option names
- Return UBUS_STATUS_NOT_FOUND if a section name could not be resolved
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Jo-Philipp Wich [Wed, 8 Aug 2018 16:14:30 +0000 (18:14 +0200)]
uci: reject invalid section and option names
The invoked libuci functions do not reliably check their arguments, causing
malformed section and option names to end up in the delta file, letting the
uci cli and other components to segfault when processung such invalid
entries.
In order to prevent that, manually test received values before passing them
on to libuci.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Jo-Philipp Wich [Sun, 13 May 2018 19:13:05 +0000 (21:13 +0200)]
uci: fix memory leak in rpc_uci_replace_savedir()
The rpc_uci_replace_savedir() function did not take into account that libuci
uci_set_savedir() does an additional implicit uci_strdup() of the directory
path string when appending a new delta directory item.
Due to this oversight, only the struct uci_element items got freed, but not
the duplicated path string, leading to leaking memory when invoking the uci
api with session id argument.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Jo-Philipp Wich [Tue, 8 May 2018 18:43:00 +0000 (20:43 +0200)]
exec: close stdout and stderr streams on child signal
This prevents timing out ubus call when the child invokes further detached
childs inheriting stdio descriptors.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Jo-Philipp Wich [Thu, 15 Mar 2018 23:42:18 +0000 (00:42 +0100)]
uci: use correct sort index when reordering sections
When reordering, the section indexes must be 0-based while the current
implementation incorrectly numbers starting with 1.
Fix this by start numbering ther sections with index 0.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Jo-Philipp Wich [Thu, 19 Apr 2018 13:13:25 +0000 (15:13 +0200)]
uci: fix memory leak in rpc_uci_apply_timeout()
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Jo-Philipp Wich [Thu, 19 Apr 2018 12:02:30 +0000 (14:02 +0200)]
uci: switch to proper save directory on apply/rollback
The existing code failed to set the uci cursor save directory to the current
session path, causing the apply routine to either fail or to merge settings
from unrelated neighboring sessions, potentially leaking data.
Solve the issue by switching the uci cursor save directory to the session
directory before performing the actual apply actions.
Additionally set the save directory path to "/dev/null" during rollback, to
avoid merging unrelated system wide uci changes when restoring configs from
the snapshot directory.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Jo-Philipp Wich [Thu, 19 Apr 2018 11:54:40 +0000 (13:54 +0200)]
uci: add rpc_uci_replace_savedir() helper
The rpc_uci_replace_savedir() function removes all configured save directories
from the uci cursor instance and adds the given path argument as sole item.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Jo-Philipp Wich [Thu, 15 Mar 2018 11:22:34 +0000 (12:22 +0100)]
session: ignore non-string username attribute upon restore
When restoring session information from blob data, only consider the
embedded username attribute if it is a string value.
Other types may cause invalid memory accesses when attempting to strcmp()
the attribute value.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Jo-Philipp Wich [Thu, 15 Mar 2018 10:22:47 +0000 (11:22 +0100)]
session: support reclaiming pending apply session
Reclaim the pending apply session upon login when the username matches the
current login.
This is required to support apply-confirm-rollback workflow for ubus browser
clients, since changing IPs requires re-login to the device due to cross
domain restrictions.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Jo-Philipp Wich [Thu, 15 Mar 2018 11:05:31 +0000 (12:05 +0100)]
session: remove redundant key attribute to rpc_session_set()
The given const char *key was used to look up the blob attribute, while
the blob attributes internal name was used to store it in the avl tree.
This leads to confusion and potential memory leaks when the given key name
does not match the blob attributes internal name.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Jo-Philipp Wich [Thu, 15 Mar 2018 10:46:54 +0000 (11:46 +0100)]
uci: fix session delta isolation
The libuci `uci_set_savedir()` function does not replace, but appends the
requested delta directory to the search path, this causes information leaks
between sessions.
Due to a lack of an official api for this, clear the uci contexts private
delta path before setting the save directory.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Daniel Golle [Thu, 30 Nov 2017 16:41:28 +0000 (17:41 +0100)]
sys: packagelist: allow listing all packages
Introduce optional boolean attribute 'all' to allow listing all
installed packages instead of only the user-selected ones.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Roman Yeryomin [Sun, 26 Nov 2017 17:14:22 +0000 (19:14 +0200)]
sys: fix passwd path
Signed-off-by: Roman Yeryomin <roman@advem.lv>
Daniel Golle [Sun, 12 Nov 2017 20:41:05 +0000 (21:41 +0100)]
sys: fix memory leak in packagelist
Fixes commit
4e483312b0.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Daniel Golle [Sun, 12 Nov 2017 16:25:18 +0000 (17:25 +0100)]
sys: add packagelist method
Add method to list installed software packages directly from
/usr/lib/opkg/status (ie. no need to have opkg installed).
ubus call rpc-sys packagelist
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Rafał Miłecki [Thu, 9 Nov 2017 14:08:16 +0000 (15:08 +0100)]
plugin: use RTLD_LOCAL instead of RTLD_GLOBAL when loading library
RTLD_GLOBAL was used to allow plugins use each other symbols but this
facility was (most likely) never used and is a bad design anyway. If
there is a common code it should just go to a library.
Using RTLD_LOCAL on the other hand saves us from conflicting symbols
used by different plugins. An example can be iwinfo plugin using libnl.
If there appears to be another plugin using incompatible netlink
implementation this will result in a problem. Both plugins will start
using the same libnl which will break one of them.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Acked-by: Jo-Philipp Wich <jo@mein.io>
Florian Fainelli [Sat, 3 Dec 2016 17:34:44 +0000 (09:34 -0800)]
cmake: Find libubox/blobmsg_json.h
Add a CMake FIND_PATH and INCLUDE_DIRECTORIES searching for blobmsg_json.h.
Some external toolchains which do not include standard locations would fail to
find the header otherwise.
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Florian Fainelli [Sat, 3 Dec 2016 17:34:45 +0000 (09:34 -0800)]
sys: Check return values of chdir and write
Fixes the following warnings:
rpcd/sys.c: In function 'rpc_cgi_password_set':
rpcd/sys.c:116:8: error: ignoring return value of 'chdir', declared with attribute warn_unused_result [-Werror=unused-result]
chdir("/");
^
rpcd/sys.c:125:8: error: ignoring return value of 'write', declared with attribute warn_unused_result [-Werror=unused-result]
write(fds[1], blobmsg_data(tb[RPC_P_PASSWORD]),
^
rpcd/sys.c:127:8: error: ignoring return value of 'write', declared with attribute warn_unused_result [-Werror=unused-result]
write(fds[1], "\n", 1);
^
rpcd/sys.c:131:8: error: ignoring return value of 'write', declared with attribute warn_unused_result [-Werror=unused-result]
write(fds[1], blobmsg_data(tb[RPC_P_PASSWORD]),
^
rpcd/sys.c:133:8: error: ignoring return value of 'write', declared with attribute warn_unused_result [-Werror=unused-result]
write(fds[1], "\n", 1);
^
cc1: all warnings being treated as errors
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Florian Fainelli [Mon, 11 Jul 2016 21:03:49 +0000 (14:03 -0700)]
cmake: Find libubus.h
Add a CMake FIND_PATH and INCLUDE_DIRECTORIES searching for libubus.h. Some
external toolchains which do not include standard locations would fail
to find the header otherwise.
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Jo-Philipp Wich [Wed, 29 Jun 2016 22:36:01 +0000 (00:36 +0200)]
iwinfo: expose available HT rates
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Denis Osvald [Thu, 2 Jun 2016 15:06:30 +0000 (17:06 +0200)]
iwinfo: zero out ccode buffer since library doesn't
Making an ubus call iwinfo countrylist '{"device":"radio0"}' will result
in some entries having garbage uninitialized stack bytes in the "code"
fields.
With this patch we zero-initialize the buffer that libiwinfo writes to,
making it NUL-terminated so that behavior doesn't happen anymore.
Signed-off-by: Denis Osvald <denis.osvald@sartura.hr>
Luka Perkov [Mon, 11 Apr 2016 16:56:53 +0000 (18:56 +0200)]
file: add myself in Copyright header
Signed-off-by: Luka Perkov <luka@openwrt.org>
Luka Perkov [Tue, 12 Apr 2016 08:56:21 +0000 (10:56 +0200)]
file: handle return output of b64_decode
Solve this compile warning:
file.c:300:16: error: comparison of unsigned expression < 0 is always false [-Werror,-Wtautological-compare]
if (data_len < 0)
Signed-off-by: Luka Perkov <luka@openwrt.org>
Luka Perkov [Mon, 11 Apr 2016 16:56:51 +0000 (18:56 +0200)]
file: add append write support
Signed-off-by: Luka Perkov <luka@openwrt.org>
Jo-Philipp Wich [Mon, 23 Nov 2015 18:11:44 +0000 (19:11 +0100)]
uci: allow setting zero-length values (to delete an option)
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
Javier Domingo Cansino [Wed, 11 Nov 2015 13:10:11 +0000 (13:10 +0000)]
paths: substitute literal with macro
Signed-off-by: Javier Domingo Cansino <javierdo1@gmail.com>
John Crispin [Fri, 21 Aug 2015 05:45:44 +0000 (07:45 +0200)]
add a reload_config method to the uci object
Signed-off-by: John Crispin <blogic@openwrt.org>
John Crispin [Thu, 20 Aug 2015 20:49:43 +0000 (22:49 +0200)]
add a system object that allows us to set passwords and trigger sysupgrade
Signed-off-by: John Crispin <blogic@openwrt.org>
Luka Perkov [Mon, 11 May 2015 21:28:19 +0000 (23:28 +0200)]
file: be consistent with string termination character
Signed-off-by: Luka Perkov <luka@openwrt.org>
Luka Perkov [Mon, 11 May 2015 21:28:18 +0000 (23:28 +0200)]
file: add support for setting mode when writing files
Signed-off-by: Luka Perkov <luka@openwrt.org>
Luka Perkov [Mon, 11 May 2015 22:22:01 +0000 (00:22 +0200)]
file: add support for base64
Signed-off-by: Luka Perkov <luka@openwrt.org>
Jo-Philipp Wich [Sun, 17 May 2015 12:13:02 +0000 (14:13 +0200)]
uci: unload package on revert
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
Luka Perkov [Sun, 12 Apr 2015 01:56:50 +0000 (03:56 +0200)]
file: add md5sum support
Signed-off-by: Luka Perkov <luka@openwrt.org>
John Crispin [Sat, 28 Mar 2015 16:05:56 +0000 (17:05 +0100)]
properly handle return codes
Signed-off-by: John Crispin <blogic@openwrt.org>
Luka Perkov [Tue, 10 Mar 2015 17:00:03 +0000 (18:00 +0100)]
file: free memory after opendir()
Signed-off-by: Luka Perkov <luka@openwrt.org>
Luka Perkov [Tue, 10 Mar 2015 17:00:02 +0000 (18:00 +0100)]
file: use blob_buf_free()
Signed-off-by: Luka Perkov <luka@openwrt.org>
Luka Perkov [Tue, 10 Mar 2015 17:00:01 +0000 (18:00 +0100)]
file: show "data" ubus parameter only when used
The ubus calls for file read, list and stat do not use data parameter, so lets
remove them to avoid confusion.
Signed-off-by: Luka Perkov <luka@openwrt.org>
John Crispin [Sun, 8 Mar 2015 14:04:13 +0000 (15:04 +0100)]
fix for json 0.12
Signed-off-by: John Crispin <blogic@openwrt.org>
Jo-Philipp Wich [Thu, 26 Feb 2015 15:34:31 +0000 (16:34 +0100)]
cmake: fix libcrypt test
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
Jo-Philipp Wich [Wed, 11 Feb 2015 13:04:08 +0000 (14:04 +0100)]
iwinfo: add phyname procedure
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
Jo-Philipp Wich [Mon, 9 Feb 2015 11:51:44 +0000 (12:51 +0100)]
session: fix method signatures for create, list and destroy
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
Felix Fietkau [Sat, 29 Nov 2014 18:43:00 +0000 (19:43 +0100)]
iwinfo: add support for requesting assoc info for a specific mac address
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Felix Fietkau [Mon, 20 Oct 2014 13:49:24 +0000 (15:49 +0200)]
iwinfo: add 802.11ac hw mode
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Felix Fietkau [Sat, 4 Oct 2014 17:55:58 +0000 (19:55 +0200)]
iwinfo: use UBUS_METHOD_NOARG
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Felix Fietkau [Sat, 4 Oct 2014 17:54:58 +0000 (19:54 +0200)]
plugin.h: explicitly include json.h
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Jo-Philipp Wich [Thu, 3 Jul 2014 21:39:21 +0000 (23:39 +0200)]
plugin: fix parsing libexec plugin output
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
Felix Fietkau [Sun, 29 Jun 2014 21:22:50 +0000 (23:22 +0200)]
session: add missing include
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Luka Perkov [Thu, 29 May 2014 10:57:35 +0000 (12:57 +0200)]
uci: rework variable usage
Signed-off-by: Luka Perkov <luka@openwrt.org>
Luka Perkov [Wed, 29 Jan 2014 11:21:59 +0000 (11:21 +0000)]
fix segmentation fault when plugins are loaded
Function rpc_plugin_register_library() is modifying the struct's contents in
list_add() call. That said, the rpc_plugin struct should not be defined as
const. This caused segmentation fault when built on up-to-date Arch Linux.
Signed-off-by: Luka Perkov <luka@openwrt.org>
Luka Perkov [Wed, 29 Jan 2014 11:21:58 +0000 (11:21 +0000)]
file: when writing a file make sure it's contents are stored
Fixes problems with ubi(fs).
Signed-off-by: Luka Perkov <luka@openwrt.org>
Luka Perkov [Wed, 29 Jan 2014 11:21:57 +0000 (11:21 +0000)]
file: create a file on write if it does not exist
Signed-off-by: Luka Perkov <luka@openwrt.org>
Luka Perkov [Wed, 29 Jan 2014 11:21:56 +0000 (11:21 +0000)]
fix whitespaces
Signed-off-by: Luka Perkov <luka@openwrt.org>
Jo-Philipp Wich [Sun, 19 Jan 2014 19:45:25 +0000 (19:45 +0000)]
session: make object and function arguments of session.access optional, dump effective acls in this case
Jo-Philipp Wich [Sun, 12 Jan 2014 17:43:48 +0000 (17:43 +0000)]
uci: fix same buffer reuse introduced by previous commit
Jo-Philipp Wich [Sun, 12 Jan 2014 17:33:46 +0000 (17:33 +0000)]
debug
Jo-Philipp Wich [Sun, 12 Jan 2014 17:23:27 +0000 (17:23 +0000)]
uci: grant access to confirm and rollback methods only to initiating session
Previously any session with access permissions for the corresponding method
was able to confirm or rollback commits initiated by another session.
Change those methods to only grant access to the initiating session.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
Jo-Philipp Wich [Sun, 12 Jan 2014 17:02:43 +0000 (17:02 +0000)]
uci: introduce confirm method to cancel pending rollbacks without side effects
Calling commit with rollback=false to cancel a pending rollback timer can
potentially trigger another commit if no rollback is actually pending.
This introduces a new method "confirm" which cancels the rollback timer
without any other possible side effects.
While being at it, change the return code when trying to commit during
a pending rollback or when trying to rollback without a pending timeout to
UBUS_STATUS_NO_DATA. This is needed to be able to differentiate between a
denied request and an inappropriate state.
Also change the error return code for glob() failures to the more
appropriate UBUS_STATUS_NOT_FOUND.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
Jo-Philipp Wich [Sun, 12 Jan 2014 12:48:58 +0000 (12:48 +0000)]
Extend copyright
Jo-Philipp Wich [Sun, 12 Jan 2014 12:45:11 +0000 (12:45 +0000)]
uci: rename uci.apply "commit" attribute to "roolback" and invert its logic
John Crispin [Wed, 18 Dec 2013 12:59:16 +0000 (13:59 +0100)]
config.change triggers should only run if the config is valid
Signed-off-by: John Crispin <blogic@openwrt.org>
John Crispin [Wed, 18 Dec 2013 12:56:54 +0000 (13:56 +0100)]
fix inverted apply_running check
Signed-off-by: John Crispin <blogic@openwrt.org>
Jo-Philipp Wich [Sat, 23 Nov 2013 20:31:39 +0000 (20:31 +0000)]
uci: make config argument of changes call optional to allow listing all changes in all files
Jo-Philipp Wich [Sat, 23 Nov 2013 19:30:29 +0000 (19:30 +0000)]
uci: add state call to retrieve uci state variables
Jo-Philipp Wich [Sat, 26 Oct 2013 14:16:29 +0000 (14:16 +0000)]
session: fix file descriptor leak in rpc_blob_from_file()
Alexander Couzens [Thu, 10 Oct 2013 04:30:31 +0000 (06:30 +0200)]
rpcd: CMake: fix out of tree builds
Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
Jo-Philipp Wich [Sun, 29 Sep 2013 13:11:37 +0000 (13:11 +0000)]
uci: clear ptr.value in rpc_uci_merge_set(), this fixes missing delete deltas if multiple options are merged
Jo-Philipp Wich [Fri, 13 Sep 2013 12:52:35 +0000 (14:52 +0200)]
session: change "sid" attribute to "ubus_rpc_session", this ensures that exposed session calls are confined to the calling session context
Jo-Philipp Wich [Thu, 12 Sep 2013 11:36:49 +0000 (13:36 +0200)]
plugin: use blobmsg_type() instead of blob_id()
Jo-Philipp Wich [Thu, 12 Sep 2013 11:31:21 +0000 (13:31 +0200)]
session.c: use blobmsg_type() instead of blob_id()
Jo-Philipp Wich [Thu, 12 Sep 2013 11:10:30 +0000 (13:10 +0200)]
session: support negative group expressions
This change allows excluding specific groups after a wildcard expression.
The following example would grant read access to any acl group except the
group named "example".
list read '*'
list read '!example'
Jo-Philipp Wich [Thu, 12 Sep 2013 10:13:05 +0000 (12:13 +0200)]
session: restore ACL dumping for session get and session list calls
Jo-Philipp Wich [Thu, 12 Sep 2013 09:51:58 +0000 (11:51 +0200)]
session: fix enum mismatch in rpc_handle_get() and rpc_handle_set()
Jo-Philipp Wich [Thu, 12 Sep 2013 09:50:33 +0000 (11:50 +0200)]
session: remove unused ctx argument from rpc_session_grant() and rpc_session_destroy()
Jo-Philipp Wich [Thu, 12 Sep 2013 09:45:59 +0000 (11:45 +0200)]
session: do not dump and restore session ACLs but recalculate them when restoring the session
Jo-Philipp Wich [Thu, 12 Sep 2013 08:35:55 +0000 (10:35 +0200)]
session: disallow destroying the null session
Jo-Philipp Wich [Wed, 11 Sep 2013 11:16:27 +0000 (13:16 +0200)]
uci: properly deal with uci_load() failures
Jo-Philipp Wich [Tue, 10 Sep 2013 18:12:39 +0000 (20:12 +0200)]
session: fix argument order of crypt() and prevent segfault if /etc/config/rpcd does not exist
Jo-Philipp Wich [Tue, 10 Sep 2013 18:01:05 +0000 (20:01 +0200)]
session: use correct policy for rpc_handle_login()
Jo-Philipp Wich [Tue, 10 Sep 2013 17:41:29 +0000 (19:41 +0200)]
session: setup a persistent NULL section and implement login procedure
Jo-Philipp Wich [Mon, 9 Sep 2013 14:32:53 +0000 (16:32 +0200)]
Drop LuCI2 backend, it will move to its own repository