uci: reset uci_ptr flags when merging options during section add

[oweals/rpcd.git] / uci.c

diff --git a/uci.c b/uci.c
index 3fd187d65e8227f5debbe01436c68f302285dc40..327b17fcec6d80bc152bdfc1f7bc06925a0c22af 100644 (file)
--- a/uci.c
+++ b/uci.c
@@ -1,7 +1,7 @@
 /*
  * rpcd - UBUS RPC server
  *
- *   Copyright (C) 2013 Jo-Philipp Wich <jow@openwrt.org>
+ *   Copyright (C) 2013-2014 Jo-Philipp Wich <jow@openwrt.org>
  *
  * Permission to use, copy, modify, and/or distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -16,11 +16,22 @@
  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
+#include <libgen.h>
+#include <glob.h>
+
+#include <libubox/blobmsg.h>
+#include <libubox/blobmsg_json.h>
+
 #include <rpcd/uci.h>
+#include <rpcd/exec.h>
 #include <rpcd/session.h>
 
 static struct blob_buf buf;
 static struct uci_context *cursor;
+static struct uloop_timeout apply_timer;
+static struct ubus_context *apply_ctx;
+
+char apply_sid[RPC_SID_LEN + 1];
 
 enum {
        RPC_G_CONFIG,
@@ -146,6 +157,84 @@ static const struct blobmsg_policy rpc_uci_config_policy[__RPC_C_MAX] = {
                                                .type = BLOBMSG_TYPE_STRING },
 };
 
+enum {
+       RPC_T_ROLLBACK,
+       RPC_T_TIMEOUT,
+       RPC_T_SESSION,
+       __RPC_T_MAX,
+};
+
+static const struct blobmsg_policy rpc_uci_apply_policy[__RPC_T_MAX] = {
+       [RPC_T_ROLLBACK] = { .name = "rollback", .type = BLOBMSG_TYPE_BOOL },
+       [RPC_T_TIMEOUT]  = { .name = "timeout", .type = BLOBMSG_TYPE_INT32 },
+       [RPC_T_SESSION]  = { .name = "ubus_rpc_session",
+                                               .type = BLOBMSG_TYPE_STRING },
+};
+
+enum {
+       RPC_B_SESSION,
+       __RPC_B_MAX,
+};
+
+static const struct blobmsg_policy rpc_uci_rollback_policy[__RPC_B_MAX] = {
+       [RPC_B_SESSION]  = { .name = "ubus_rpc_session",
+                                               .type = BLOBMSG_TYPE_STRING },
+};
+
+/*
+ * Validate a uci name
+ */
+static bool
+rpc_uci_verify_str(const char *name, bool extended, bool type)
+{
+       const char *c;
+       char *e;
+
+       if (!name || !*name)
+               return false;
+
+       if (extended && *name != '@')
+               extended = false;
+
+       for (c = name + extended; *c; c++)
+               if (!isalnum(*c) && *c != '_' && ((!type && !extended) || *c != '-'))
+                       break;
+
+       if (extended) {
+               if (*c != '[')
+                       return false;
+
+               strtol(++c, &e, 10);
+
+               return (e > c && *e == ']' && *(e+1) == 0);
+       }
+
+       return (*c == 0);
+}
+
+/*
+ * Check that string is a valid, shell compatible uci name
+ */
+static bool rpc_uci_verify_name(const char *name) {
+       return rpc_uci_verify_str(name, false, false);
+}
+
+/*
+ * Check that string is a valid section type name
+ */
+static bool rpc_uci_verify_type(const char *type) {
+       return rpc_uci_verify_str(type, false, true);
+}
+
+/*
+ * Check that the string is a valid section id, optionally in extended
+ * lookup notation
+ */
+static bool rpc_uci_verify_section(const char *section) {
+       return rpc_uci_verify_str(section, true, false);
+}
+
+
 /*
  * Turn uci error state into ubus return code
  */
@@ -168,6 +257,29 @@ rpc_uci_status(void)
        }
 }
 
+/*
+ * Clear all save directories from the uci cursor and append the given path
+ * as new save directory.
+ */
+static void
+rpc_uci_replace_savedir(const char *path)
+{
+       struct uci_element *e, *tmp;
+
+       uci_foreach_element_safe(&cursor->delta_path, tmp, e) {
+               if (e->name)
+                       free(e->name);
+
+               free(e);
+       }
+
+       cursor->delta_path.prev = &cursor->delta_path;
+       cursor->delta_path.next = &cursor->delta_path;
+
+       if (path)
+               uci_set_savedir(cursor, path);
+}
+
 /*
  * Setup per-session delta save directory. If the passed "sid" blob attribute
  * pointer is NULL then the precedure was not invoked through the ubus-rpc so
@@ -180,14 +292,14 @@ rpc_uci_set_savedir(struct blob_attr *sid)
 
        if (!sid)
        {
-               uci_set_savedir(cursor, "/tmp/.uci");
+               rpc_uci_replace_savedir("/tmp/.uci");
                return;
        }
 
        snprintf(path, sizeof(path) - 1,
-                "/tmp/.uci-rpc-%s", (char *)blobmsg_data(sid));
+                RPC_UCI_SAVEDIR_PREFIX "%s", blobmsg_get_string(sid));
 
-       uci_set_savedir(cursor, path);
+       rpc_uci_replace_savedir(path);
 }
 
 /*
@@ -238,8 +350,7 @@ rpc_uci_format_blob(struct blob_attr *v, const char **p)
        switch (blobmsg_type(v))
        {
        case BLOBMSG_TYPE_STRING:
-               if (blobmsg_data_len(v) > 1)
-                       *p = blobmsg_data(v);
+               *p = blobmsg_data(v);
                break;
 
        case BLOBMSG_TYPE_INT64:
@@ -487,9 +598,8 @@ rpc_uci_dump_package(struct uci_package *p, const char *name,
 
 
 static int
-rpc_uci_get(struct ubus_context *ctx, struct ubus_object *obj,
-            struct ubus_request_data *req, const char *method,
-            struct blob_attr *msg)
+rpc_uci_getcommon(struct ubus_context *ctx, struct ubus_request_data *req,
+                  struct blob_attr *msg, bool use_state)
 {
        struct blob_attr *tb[__RPC_G_MAX];
        struct uci_package *p = NULL;
@@ -505,10 +615,12 @@ rpc_uci_get(struct ubus_context *ctx, struct ubus_object *obj,
                return UBUS_STATUS_PERMISSION_DENIED;
 
        ptr.package = blobmsg_data(tb[RPC_G_CONFIG]);
-       uci_load(cursor, ptr.package, &p);
 
-       if (!p)
-               goto out;
+       if (use_state)
+               uci_set_savedir(cursor, "/var/state");
+
+       if (uci_load(cursor, ptr.package, &p))
+               return rpc_uci_status();
 
        if (tb[RPC_G_SECTION])
        {
@@ -544,12 +656,27 @@ rpc_uci_get(struct ubus_context *ctx, struct ubus_object *obj,
        ubus_send_reply(ctx, req, buf.head);
 
 out:
-       if (p)
-               uci_unload(cursor, p);
+       uci_unload(cursor, p);
 
        return rpc_uci_status();
 }
 
+static int
+rpc_uci_get(struct ubus_context *ctx, struct ubus_object *obj,
+            struct ubus_request_data *req, const char *method,
+            struct blob_attr *msg)
+{
+       return rpc_uci_getcommon(ctx, req, msg, false);
+}
+
+static int
+rpc_uci_state(struct ubus_context *ctx, struct ubus_object *obj,
+              struct ubus_request_data *req, const char *method,
+              struct blob_attr *msg)
+{
+       return rpc_uci_getcommon(ctx, req, msg, true);
+}
+
 static int
 rpc_uci_add(struct ubus_context *ctx, struct ubus_object *obj,
             struct ubus_request_data *req, const char *method,
@@ -560,7 +687,7 @@ rpc_uci_add(struct ubus_context *ctx, struct ubus_object *obj,
        struct uci_package *p = NULL;
        struct uci_section *s;
        struct uci_ptr ptr = { 0 };
-       int rem, rem2;
+       int rem, rem2, err = 0;
 
        blobmsg_parse(rpc_uci_add_policy, __RPC_A_MAX, tb,
                      blob_data(msg), blob_len(msg));
@@ -571,12 +698,17 @@ rpc_uci_add(struct ubus_context *ctx, struct ubus_object *obj,
        if (!rpc_uci_write_access(tb[RPC_A_SESSION], tb[RPC_A_CONFIG]))
                return UBUS_STATUS_PERMISSION_DENIED;
 
-       ptr.package = blobmsg_data(tb[RPC_A_CONFIG]);
+       if (!rpc_uci_verify_type(blobmsg_data(tb[RPC_A_TYPE])))
+               return UBUS_STATUS_INVALID_ARGUMENT;
 
-       uci_load(cursor, ptr.package, &p);
+       if (tb[RPC_A_NAME] &&
+           !rpc_uci_verify_name(blobmsg_data(tb[RPC_A_NAME])))
+               return UBUS_STATUS_INVALID_ARGUMENT;
 
-       if (!p)
-               goto out;
+       ptr.package = blobmsg_data(tb[RPC_A_CONFIG]);
+
+       if (uci_load(cursor, ptr.package, &p))
+               return rpc_uci_status();
 
        /* add named section */
        if (tb[RPC_A_NAME])
@@ -602,39 +734,73 @@ rpc_uci_add(struct ubus_context *ctx, struct ubus_object *obj,
        {
                blobmsg_for_each_attr(cur, tb[RPC_A_VALUES], rem)
                {
+                       ptr.flags = 0;
                        ptr.o = NULL;
                        ptr.option = blobmsg_name(cur);
 
+                       if (!rpc_uci_verify_name(ptr.option))
+                       {
+                               if (!err)
+                                       err = UBUS_STATUS_INVALID_ARGUMENT;
+
+                               continue;
+                       }
+
                        if (rpc_uci_lookup(&ptr) || !ptr.s)
+                       {
+                               if (!err)
+                                       err = UBUS_STATUS_NOT_FOUND;
+
                                continue;
+                       }
 
                        switch (blobmsg_type(cur))
                        {
                        case BLOBMSG_TYPE_ARRAY:
                                blobmsg_for_each_attr(elem, cur, rem2)
-                                       if (rpc_uci_format_blob(elem, &ptr.value))
-                                               uci_add_list(cursor, &ptr);
+                               {
+                                       if (!rpc_uci_format_blob(elem, &ptr.value))
+                                       {
+                                               if (!err)
+                                                       err = UBUS_STATUS_INVALID_ARGUMENT;
+
+                                               continue;
+                                       }
+
+                                       uci_add_list(cursor, &ptr);
+                               }
+
                                break;
 
                        default:
-                               if (rpc_uci_format_blob(cur, &ptr.value))
+                               if (!rpc_uci_format_blob(cur, &ptr.value))
+                               {
+                                       if (!err)
+                                               err = UBUS_STATUS_INVALID_ARGUMENT;
+                               }
+                               else
+                               {
                                        uci_set(cursor, &ptr);
+                               }
+
                                break;
                        }
                }
        }
 
-       uci_save(cursor, p);
+       if (!err)
+       {
+               uci_save(cursor, p);
 
-       blob_buf_init(&buf, 0);
-       blobmsg_add_string(&buf, "section", ptr.section);
-       ubus_send_reply(ctx, req, buf.head);
+               blob_buf_init(&buf, 0);
+               blobmsg_add_string(&buf, "section", ptr.section);
+               ubus_send_reply(ctx, req, buf.head);
+       }
 
 out:
-       if (p)
-               uci_unload(cursor, p);
+       uci_unload(cursor, p);
 
-       return rpc_uci_status();
+       return err ? err : rpc_uci_status();
 }
 
 /*
@@ -646,39 +812,60 @@ out:
  *  3) in all other cases only emit a set operation if there is no existing
  *     option of if the existing options value differs from the blob value
  */
-static void
+static int
 rpc_uci_merge_set(struct blob_attr *opt, struct uci_ptr *ptr)
 {
        struct blob_attr *cur;
-       int rem;
+       int rem, rv;
 
+       ptr->flags = 0;
        ptr->o = NULL;
        ptr->option = blobmsg_name(opt);
+       ptr->value = NULL;
+
+       if (!rpc_uci_verify_name(ptr->option))
+               return UBUS_STATUS_INVALID_ARGUMENT;
 
        if (rpc_uci_lookup(ptr) || !ptr->s)
-               return;
+               return UBUS_STATUS_NOT_FOUND;
 
        if (blobmsg_type(opt) == BLOBMSG_TYPE_ARRAY)
        {
                if (ptr->o)
                        uci_delete(cursor, ptr);
 
+               rv = UBUS_STATUS_INVALID_ARGUMENT;
+
                blobmsg_for_each_attr(cur, opt, rem)
-                       if (rpc_uci_format_blob(cur, &ptr->value))
-                               uci_add_list(cursor, ptr);
+               {
+                       if (!rpc_uci_format_blob(cur, &ptr->value))
+                               continue;
+
+                       uci_add_list(cursor, ptr);
+                       rv = 0;
+               }
+
+               return rv;
        }
        else if (ptr->o && ptr->o->type == UCI_TYPE_LIST)
        {
                uci_delete(cursor, ptr);
 
-               if (rpc_uci_format_blob(opt, &ptr->value))
-                       uci_set(cursor, ptr);
+               if (!rpc_uci_format_blob(opt, &ptr->value))
+                       return UBUS_STATUS_INVALID_ARGUMENT;
+
+               uci_set(cursor, ptr);
        }
-       else if (rpc_uci_format_blob(opt, &ptr->value))
+       else
        {
+               if (!rpc_uci_format_blob(opt, &ptr->value))
+                       return UBUS_STATUS_INVALID_ARGUMENT;
+
                if (!ptr->o || !ptr->o->v.string || strcmp(ptr->o->v.string, ptr->value))
                        uci_set(cursor, ptr);
        }
+
+       return 0;
 }
 
 static int
@@ -691,7 +878,7 @@ rpc_uci_set(struct ubus_context *ctx, struct ubus_object *obj,
        struct uci_package *p = NULL;
        struct uci_element *e;
        struct uci_ptr ptr = { 0 };
-       int rem;
+       int rem, rv, err = 0;
 
        blobmsg_parse(rpc_uci_set_policy, __RPC_S_MAX, tb,
                      blob_data(msg), blob_len(msg));
@@ -703,17 +890,25 @@ rpc_uci_set(struct ubus_context *ctx, struct ubus_object *obj,
        if (!rpc_uci_write_access(tb[RPC_S_SESSION], tb[RPC_S_CONFIG]))
                return UBUS_STATUS_PERMISSION_DENIED;
 
+       if (tb[RPC_S_SECTION] &&
+           !rpc_uci_verify_section(blobmsg_data(tb[RPC_S_SECTION])))
+               return UBUS_STATUS_INVALID_ARGUMENT;
+
        ptr.package = blobmsg_data(tb[RPC_S_CONFIG]);
-       uci_load(cursor, ptr.package, &p);
 
-       if (!p)
-               goto out;
+       if (uci_load(cursor, ptr.package, &p))
+               return rpc_uci_status();
 
        if (tb[RPC_S_SECTION])
        {
                ptr.section = blobmsg_data(tb[RPC_S_SECTION]);
                blobmsg_for_each_attr(cur, tb[RPC_S_VALUES], rem)
-                       rpc_uci_merge_set(cur, &ptr);
+               {
+                       rv = rpc_uci_merge_set(cur, &ptr);
+
+                       if (rv)
+                               err = rv;
+               }
        }
        else
        {
@@ -727,17 +922,24 @@ rpc_uci_set(struct ubus_context *ctx, struct ubus_object *obj,
                        ptr.section = e->name;
 
                        blobmsg_for_each_attr(cur, tb[RPC_S_VALUES], rem)
-                               rpc_uci_merge_set(cur, &ptr);
+                       {
+                               rv = rpc_uci_merge_set(cur, &ptr);
+
+                               if (rv)
+                                       err = rv;
+                       }
                }
        }
 
-       uci_save(cursor, p);
+       if (!err && !ptr.s)
+               err = UBUS_STATUS_NOT_FOUND;
 
-out:
-       if (p)
-               uci_unload(cursor, p);
+       if (!err)
+               uci_save(cursor, p);
 
-       return rpc_uci_status();
+       uci_unload(cursor, p);
+
+       return err ? err : rpc_uci_status();
 }
 
 /*
@@ -746,14 +948,14 @@ out:
  *  2) if the blob is of type string, delete the option named after its value
  *  3) if the blob is NULL, delete entire section
  */
-static void
+static int
 rpc_uci_merge_delete(struct blob_attr *opt, struct uci_ptr *ptr)
 {
        struct blob_attr *cur;
-       int rem;
+       int rem, rv;
 
        if (rpc_uci_lookup(ptr) || !ptr->s)
-               return;
+               return UBUS_STATUS_NOT_FOUND;
 
        if (!opt)
        {
@@ -761,9 +963,12 @@ rpc_uci_merge_delete(struct blob_attr *opt, struct uci_ptr *ptr)
                ptr->option = NULL;
 
                uci_delete(cursor, ptr);
+               return 0;
        }
        else if (blobmsg_type(opt) == BLOBMSG_TYPE_ARRAY)
        {
+               rv = UBUS_STATUS_NOT_FOUND;
+
                blobmsg_for_each_attr(cur, opt, rem)
                {
                        if (blobmsg_type(cur) != BLOBMSG_TYPE_STRING)
@@ -776,7 +981,10 @@ rpc_uci_merge_delete(struct blob_attr *opt, struct uci_ptr *ptr)
                                continue;
 
                        uci_delete(cursor, ptr);
+                       rv = 0;
                }
+
+               return rv;
        }
        else if (blobmsg_type(opt) == BLOBMSG_TYPE_STRING)
        {
@@ -784,10 +992,13 @@ rpc_uci_merge_delete(struct blob_attr *opt, struct uci_ptr *ptr)
                ptr->option = blobmsg_data(opt);
 
                if (rpc_uci_lookup(ptr) || !ptr->o)
-                       return;
+                       return UBUS_STATUS_NOT_FOUND;
 
                uci_delete(cursor, ptr);
+               return 0;
        }
+
+       return UBUS_STATUS_INVALID_ARGUMENT;
 }
 
 static int
@@ -799,6 +1010,7 @@ rpc_uci_delete(struct ubus_context *ctx, struct ubus_object *obj,
        struct uci_package *p = NULL;
        struct uci_element *e, *tmp;
        struct uci_ptr ptr = { 0 };
+       int err = 0;
 
        blobmsg_parse(rpc_uci_delete_policy, __RPC_D_MAX, tb,
                      blob_data(msg), blob_len(msg));
@@ -810,20 +1022,27 @@ rpc_uci_delete(struct ubus_context *ctx, struct ubus_object *obj,
        if (!rpc_uci_write_access(tb[RPC_D_SESSION], tb[RPC_D_CONFIG]))
                return UBUS_STATUS_PERMISSION_DENIED;
 
+       if (tb[RPC_D_TYPE] &&
+           !rpc_uci_verify_type(blobmsg_data(tb[RPC_D_TYPE])))
+               return UBUS_STATUS_INVALID_ARGUMENT;
+
+       if (tb[RPC_D_SECTION] &&
+           !rpc_uci_verify_section(blobmsg_data(tb[RPC_D_SECTION])))
+               return UBUS_STATUS_INVALID_ARGUMENT;
+
        ptr.package = blobmsg_data(tb[RPC_D_CONFIG]);
-       uci_load(cursor, ptr.package, &p);
 
-       if (!p)
-               goto out;
+       if (uci_load(cursor, ptr.package, &p))
+               return rpc_uci_status();
 
        if (tb[RPC_D_SECTION])
        {
                ptr.section = blobmsg_data(tb[RPC_D_SECTION]);
 
                if (tb[RPC_D_OPTIONS])
-                       rpc_uci_merge_delete(tb[RPC_D_OPTIONS], &ptr);
+                       err = rpc_uci_merge_delete(tb[RPC_D_OPTIONS], &ptr);
                else
-                       rpc_uci_merge_delete(tb[RPC_D_OPTION], &ptr);
+                       err = rpc_uci_merge_delete(tb[RPC_D_OPTION], &ptr);
        }
        else
        {
@@ -837,19 +1056,21 @@ rpc_uci_delete(struct ubus_context *ctx, struct ubus_object *obj,
                        ptr.section = e->name;
 
                        if (tb[RPC_D_OPTIONS])
-                               rpc_uci_merge_delete(tb[RPC_D_OPTIONS], &ptr);
+                               err = rpc_uci_merge_delete(tb[RPC_D_OPTIONS], &ptr);
                        else
-                               rpc_uci_merge_delete(tb[RPC_D_OPTION], &ptr);
+                               err = rpc_uci_merge_delete(tb[RPC_D_OPTION], &ptr);
                }
+
+               if (!err && !ptr.section)
+                       err = UBUS_STATUS_NOT_FOUND;
        }
 
-       uci_save(cursor, p);
+       if (!err)
+               uci_save(cursor, p);
 
-out:
-       if (p)
-               uci_unload(cursor, p);
+       uci_unload(cursor, p);
 
-       return rpc_uci_status();
+       return err ? err : rpc_uci_status();
 }
 
 static int
@@ -874,13 +1095,14 @@ rpc_uci_rename(struct ubus_context *ctx, struct ubus_object *obj,
        ptr.section = blobmsg_data(tb[RPC_R_SECTION]);
        ptr.value   = blobmsg_data(tb[RPC_R_NAME]);
 
+       if (!rpc_uci_verify_name(ptr.value))
+               return UBUS_STATUS_INVALID_ARGUMENT;
+
        if (tb[RPC_R_OPTION])
                ptr.option = blobmsg_data(tb[RPC_R_OPTION]);
 
-       uci_load(cursor, ptr.package, &p);
-
-       if (!p)
-               goto out;
+       if (uci_load(cursor, ptr.package, &p))
+               return rpc_uci_status();
 
        if (uci_lookup_ptr(cursor, &ptr, NULL, true))
                goto out;
@@ -897,8 +1119,7 @@ rpc_uci_rename(struct ubus_context *ctx, struct ubus_object *obj,
        uci_save(cursor, p);
 
 out:
-       if (p)
-               uci_unload(cursor, p);
+       uci_unload(cursor, p);
 
        return rpc_uci_status();
 }
@@ -912,7 +1133,7 @@ rpc_uci_order(struct ubus_context *ctx, struct ubus_object *obj,
        struct blob_attr *cur;
        struct uci_package *p = NULL;
        struct uci_ptr ptr = { 0 };
-       int rem, i = 1;
+       int rem, i = 0, err = 0;
 
        blobmsg_parse(rpc_uci_order_policy, __RPC_O_MAX, tb,
                      blob_data(msg), blob_len(msg));
@@ -925,32 +1146,39 @@ rpc_uci_order(struct ubus_context *ctx, struct ubus_object *obj,
 
        ptr.package = blobmsg_data(tb[RPC_O_CONFIG]);
 
-       uci_load(cursor, ptr.package, &p);
-
-       if (!p)
-               goto out;
+       if (uci_load(cursor, ptr.package, &p))
+               return rpc_uci_status();
 
        blobmsg_for_each_attr(cur, tb[RPC_O_SECTIONS], rem)
        {
                if (blobmsg_type(cur) != BLOBMSG_TYPE_STRING)
+               {
+                       if (!err)
+                               err = UBUS_STATUS_INVALID_ARGUMENT;
+
                        continue;
+               }
 
                ptr.s = NULL;
                ptr.section = blobmsg_data(cur);
 
                if (uci_lookup_ptr(cursor, &ptr, NULL, true) || !ptr.s)
+               {
+                       if (!err)
+                               err = UBUS_STATUS_NOT_FOUND;
+
                        continue;
+               }
 
                uci_reorder_section(cursor, ptr.s, i++);
        }
 
-       uci_save(cursor, p);
+       if (!err)
+               uci_save(cursor, p);
 
-out:
-       if (p)
-               uci_unload(cursor, p);
+       uci_unload(cursor, p);
 
-       return rpc_uci_status();
+       return err ? err : rpc_uci_status();
 }
 
 static void
@@ -997,46 +1225,107 @@ rpc_uci_changes(struct ubus_context *ctx, struct ubus_object *obj,
        struct blob_attr *tb[__RPC_C_MAX];
        struct uci_package *p = NULL;
        struct uci_element *e;
-       void *c;
+       char **configs;
+       void *c, *d;
+       int i;
 
        blobmsg_parse(rpc_uci_config_policy, __RPC_C_MAX, tb,
                      blob_data(msg), blob_len(msg));
 
-       if (!tb[RPC_C_CONFIG])
-               return UBUS_STATUS_INVALID_ARGUMENT;
+       if (tb[RPC_C_CONFIG])
+       {
+               if (!rpc_uci_read_access(tb[RPC_C_SESSION], tb[RPC_C_CONFIG]))
+                       return UBUS_STATUS_PERMISSION_DENIED;
 
-       if (!rpc_uci_read_access(tb[RPC_C_SESSION], tb[RPC_C_CONFIG]))
-               return UBUS_STATUS_PERMISSION_DENIED;
+               if (uci_load(cursor, blobmsg_data(tb[RPC_C_CONFIG]), &p))
+                       return rpc_uci_status();
 
-       uci_load(cursor, blobmsg_data(tb[RPC_C_CONFIG]), &p);
+               blob_buf_init(&buf, 0);
+               c = blobmsg_open_array(&buf, "changes");
 
-       if (!p)
-               goto out;
+               uci_foreach_element(&p->saved_delta, e)
+                       rpc_uci_dump_change(uci_to_delta(e));
+
+               blobmsg_close_array(&buf, c);
+
+               uci_unload(cursor, p);
+
+               ubus_send_reply(ctx, req, buf.head);
+
+               return rpc_uci_status();
+       }
+
+       rpc_uci_set_savedir(tb[RPC_C_SESSION]);
+
+       if (uci_list_configs(cursor, &configs))
+               return rpc_uci_status();
 
        blob_buf_init(&buf, 0);
-       c = blobmsg_open_array(&buf, "changes");
 
-       uci_foreach_element(&p->saved_delta, e)
-               rpc_uci_dump_change(uci_to_delta(e));
+       c = blobmsg_open_table(&buf, "changes");
 
-       blobmsg_close_array(&buf, c);
+       for (i = 0; configs[i]; i++)
+       {
+               if (tb[RPC_C_SESSION] &&
+                   !rpc_session_access(blobmsg_data(tb[RPC_C_SESSION]), "uci",
+                                       configs[i], "read"))
+                       continue;
 
-       ubus_send_reply(ctx, req, buf.head);
+               if (uci_load(cursor, configs[i], &p))
+                       continue;
+
+               if (!uci_list_empty(&p->saved_delta))
+               {
+                       d = blobmsg_open_array(&buf, configs[i]);
+
+                       uci_foreach_element(&p->saved_delta, e)
+                               rpc_uci_dump_change(uci_to_delta(e));
+
+                       blobmsg_close_array(&buf, d);
+               }
 
-out:
-       if (p)
                uci_unload(cursor, p);
+       }
 
-       return rpc_uci_status();
+       free(configs);
+
+       blobmsg_close_table(&buf, c);
+
+       ubus_send_reply(ctx, req, buf.head);
+
+       return 0;
+}
+
+static void
+rpc_uci_trigger_event(struct ubus_context *ctx, const char *config)
+{
+       char *pkg = strdup(config);
+       static struct blob_buf b;
+       uint32_t id;
+
+       if (!ubus_lookup_id(ctx, "service", &id)) {
+               void *c;
+
+               blob_buf_init(&b, 0);
+               blobmsg_add_string(&b, "type", "config.change");
+               c = blobmsg_open_table(&b, "data");
+               blobmsg_add_string(&b, "package", pkg);
+               blobmsg_close_table(&b, c);
+               ubus_invoke(ctx, id, "event", b.head, NULL, 0, 1000);
+       }
+       free(pkg);
 }
 
 static int
-rpc_uci_revert_commit(struct blob_attr *msg, bool commit)
+rpc_uci_revert_commit(struct ubus_context *ctx, struct blob_attr *msg, bool commit)
 {
        struct blob_attr *tb[__RPC_C_MAX];
        struct uci_package *p = NULL;
        struct uci_ptr ptr = { 0 };
 
+       if (apply_sid[0])
+               return UBUS_STATUS_PERMISSION_DENIED;
+
        blobmsg_parse(rpc_uci_config_policy, __RPC_C_MAX, tb,
                      blob_data(msg), blob_len(msg));
 
@@ -1050,18 +1339,20 @@ rpc_uci_revert_commit(struct blob_attr *msg, bool commit)
 
        if (commit)
        {
-               uci_load(cursor, ptr.package, &p);
-
-               if (p)
+               if (!uci_load(cursor, ptr.package, &p))
                {
                        uci_commit(cursor, &p, false);
                        uci_unload(cursor, p);
+                       rpc_uci_trigger_event(ctx, blobmsg_get_string(tb[RPC_C_CONFIG]));
                }
        }
        else
        {
                if (!uci_lookup_ptr(cursor, &ptr, NULL, true) && ptr.p)
+               {
                        uci_revert(cursor, &ptr);
+                       uci_unload(cursor, ptr.p);
+               }
        }
 
        return rpc_uci_status();
@@ -1072,7 +1363,7 @@ rpc_uci_revert(struct ubus_context *ctx, struct ubus_object *obj,
                struct ubus_request_data *req, const char *method,
                struct blob_attr *msg)
 {
-       return rpc_uci_revert_commit(msg, false);
+       return rpc_uci_revert_commit(ctx, msg, false);
 }
 
 static int
@@ -1080,7 +1371,7 @@ rpc_uci_commit(struct ubus_context *ctx, struct ubus_object *obj,
                struct ubus_request_data *req, const char *method,
                struct blob_attr *msg)
 {
-       return rpc_uci_revert_commit(msg, true);
+       return rpc_uci_revert_commit(ctx, msg, true);
 }
 
 static int
@@ -1102,6 +1393,8 @@ rpc_uci_configs(struct ubus_context *ctx, struct ubus_object *obj,
        for (i = 0; configs[i]; i++)
                blobmsg_add_string(&buf, NULL, configs[i]);
 
+       free(configs);
+
        blobmsg_close_array(&buf, c);
 
        ubus_send_reply(ctx, req, buf.head);
@@ -1115,7 +1408,7 @@ out:
  * Remove given delta save directory (if any).
  */
 static void
-rpc_uci_purge_savedir(const char *path)
+rpc_uci_purge_dir(const char *path)
 {
        DIR *d;
        struct stat s;
@@ -1143,6 +1436,293 @@ rpc_uci_purge_savedir(const char *path)
        }
 }
 
+static int
+rpc_uci_apply_config(struct ubus_context *ctx, char *config)
+{
+       struct uci_package *p = NULL;
+
+       if (!uci_load(cursor, config, &p)) {
+               uci_commit(cursor, &p, false);
+               uci_unload(cursor, p);
+       }
+       rpc_uci_trigger_event(ctx, config);
+
+       return 0;
+}
+
+static void
+rpc_uci_copy_file(const char *src, const char *target, const char *file)
+{
+       char tmp[256];
+       FILE *in, *out;
+
+       snprintf(tmp, sizeof(tmp), "%s%s", src, file);
+       in = fopen(tmp, "rb");
+       snprintf(tmp, sizeof(tmp), "%s%s", target, file);
+       out = fopen(tmp, "wb+");
+       if (in && out)
+               while (!feof(in)) {
+                       int len = fread(tmp, 1, sizeof(tmp), in);
+
+                       if(len > 0)
+                               fwrite(tmp, 1, len, out);
+               }
+       if(in)
+               fclose(in);
+       if(out)
+               fclose(out);
+}
+
+static int
+rpc_uci_apply_access(const char *sid, glob_t *gl)
+{
+       struct stat s;
+       int i, c = 0;
+
+       if (gl->gl_pathc < 3)
+               return UBUS_STATUS_NO_DATA;
+
+       for (i = 0; i < gl->gl_pathc; i++) {
+               char *config = basename(gl->gl_pathv[i]);
+
+               if (*config == '.')
+                       continue;
+               if (stat(gl->gl_pathv[i], &s) || !s.st_size)
+                       continue;
+               if (!rpc_session_access(sid, "uci", config, "write"))
+                       return UBUS_STATUS_PERMISSION_DENIED;
+               c++;
+       }
+
+       if (!c)
+               return UBUS_STATUS_NO_DATA;
+
+       return 0;
+}
+
+static void
+rpc_uci_do_rollback(struct ubus_context *ctx, glob_t *gl)
+{
+       int i, deny;
+       char tmp[PATH_MAX];
+
+       /* Test apply permission to see if the initiator session still exists.
+        * If it does, restore the delta files as well, else just restore the
+        * main configuration files. */
+       deny = apply_sid[0]
+               ? rpc_uci_apply_access(apply_sid, gl) : UBUS_STATUS_NOT_FOUND;
+
+       if (!deny) {
+               snprintf(tmp, sizeof(tmp), RPC_UCI_SAVEDIR_PREFIX "%s/", apply_sid);
+               mkdir(tmp, 0700);
+       }
+
+       /* avoid merging unrelated uci changes when restoring old configs */
+       rpc_uci_replace_savedir("/dev/null");
+
+       for (i = 0; i < gl->gl_pathc; i++) {
+               char *config = basename(gl->gl_pathv[i]);
+
+               if (*config == '.')
+                       continue;
+
+               rpc_uci_copy_file(RPC_SNAPSHOT_FILES, RPC_UCI_DIR, config);
+               rpc_uci_apply_config(ctx, config);
+
+               if (deny)
+                       continue;
+
+               rpc_uci_copy_file(RPC_SNAPSHOT_DELTA, tmp, config);
+       }
+
+       rpc_uci_purge_dir(RPC_SNAPSHOT_FILES);
+       rpc_uci_purge_dir(RPC_SNAPSHOT_DELTA);
+
+       uloop_timeout_cancel(&apply_timer);
+       memset(apply_sid, 0, sizeof(apply_sid));
+       apply_ctx = NULL;
+}
+
+static void
+rpc_uci_apply_timeout(struct uloop_timeout *t)
+{
+       glob_t gl;
+       char tmp[PATH_MAX];
+
+       snprintf(tmp, sizeof(tmp), "%s/*", RPC_SNAPSHOT_FILES);
+       if (glob(tmp, GLOB_PERIOD, NULL, &gl) < 0)
+               return;
+
+       rpc_uci_do_rollback(apply_ctx, &gl);
+
+       globfree(&gl);
+}
+
+static int
+rpc_uci_apply(struct ubus_context *ctx, struct ubus_object *obj,
+              struct ubus_request_data *req, const char *method,
+              struct blob_attr *msg)
+{
+       struct blob_attr *tb[__RPC_T_MAX];
+       int timeout = RPC_APPLY_TIMEOUT;
+       char tmp[PATH_MAX];
+       bool rollback = false;
+       int ret, i;
+       char *sid;
+       glob_t gl;
+
+       blobmsg_parse(rpc_uci_apply_policy, __RPC_T_MAX, tb,
+                     blob_data(msg), blob_len(msg));
+
+       if (tb[RPC_T_ROLLBACK])
+               rollback = blobmsg_get_bool(tb[RPC_T_ROLLBACK]);
+
+       if (apply_sid[0] && rollback)
+               return UBUS_STATUS_PERMISSION_DENIED;
+
+       if (!tb[RPC_T_SESSION])
+               return UBUS_STATUS_INVALID_ARGUMENT;
+
+       sid = blobmsg_data(tb[RPC_T_SESSION]);
+
+       if (tb[RPC_T_TIMEOUT])
+               timeout = blobmsg_get_u32(tb[RPC_T_TIMEOUT]);
+
+       rpc_uci_purge_dir(RPC_SNAPSHOT_FILES);
+       rpc_uci_purge_dir(RPC_SNAPSHOT_DELTA);
+
+       if (!apply_sid[0]) {
+               rpc_uci_set_savedir(tb[RPC_T_SESSION]);
+
+               mkdir(RPC_SNAPSHOT_FILES, 0700);
+               mkdir(RPC_SNAPSHOT_DELTA, 0700);
+
+               snprintf(tmp, sizeof(tmp), RPC_UCI_SAVEDIR_PREFIX "%s/*", sid);
+               if (glob(tmp, GLOB_PERIOD, NULL, &gl) < 0)
+                       return UBUS_STATUS_NOT_FOUND;
+
+               snprintf(tmp, sizeof(tmp), RPC_UCI_SAVEDIR_PREFIX "%s/", sid);
+
+               ret = rpc_uci_apply_access(sid, &gl);
+               if (ret) {
+                       globfree(&gl);
+                       return ret;
+               }
+
+               /* copy SID early because rpc_uci_apply_config() will clobber buf */
+               if (rollback)
+                       strncpy(apply_sid, sid, RPC_SID_LEN);
+
+               for (i = 0; i < gl.gl_pathc; i++) {
+                       char *config = basename(gl.gl_pathv[i]);
+                       struct stat s;
+
+                       if (*config == '.')
+                               continue;
+
+                       if (stat(gl.gl_pathv[i], &s) || !s.st_size)
+                               continue;
+
+                       rpc_uci_copy_file(RPC_UCI_DIR, RPC_SNAPSHOT_FILES, config);
+                       rpc_uci_copy_file(tmp, RPC_SNAPSHOT_DELTA, config);
+                       rpc_uci_apply_config(ctx, config);
+               }
+
+               globfree(&gl);
+
+               if (rollback) {
+                       apply_timer.cb = rpc_uci_apply_timeout;
+                       uloop_timeout_set(&apply_timer, timeout * 1000);
+                       apply_ctx = ctx;
+               }
+       }
+
+       return 0;
+}
+
+static int
+rpc_uci_confirm(struct ubus_context *ctx, struct ubus_object *obj,
+                struct ubus_request_data *req, const char *method,
+                struct blob_attr *msg)
+{
+       struct blob_attr *tb[__RPC_B_MAX];
+       char *sid;
+
+       blobmsg_parse(rpc_uci_rollback_policy, __RPC_B_MAX, tb,
+                     blob_data(msg), blob_len(msg));
+
+       if (!tb[RPC_B_SESSION])
+               return UBUS_STATUS_INVALID_ARGUMENT;
+
+       sid = blobmsg_data(tb[RPC_B_SESSION]);
+
+       if (!apply_sid[0])
+               return UBUS_STATUS_NO_DATA;
+
+       if (strcmp(apply_sid, sid))
+               return UBUS_STATUS_PERMISSION_DENIED;
+
+       rpc_uci_purge_dir(RPC_SNAPSHOT_FILES);
+       rpc_uci_purge_dir(RPC_SNAPSHOT_DELTA);
+
+       uloop_timeout_cancel(&apply_timer);
+       memset(apply_sid, 0, sizeof(apply_sid));
+       apply_ctx = NULL;
+
+       return 0;
+}
+
+static int
+rpc_uci_rollback(struct ubus_context *ctx, struct ubus_object *obj,
+                 struct ubus_request_data *req, const char *method,
+                 struct blob_attr *msg)
+{
+       struct blob_attr *tb[__RPC_B_MAX];
+       char tmp[PATH_MAX];
+       glob_t gl;
+       char *sid;
+
+       blobmsg_parse(rpc_uci_rollback_policy, __RPC_B_MAX, tb,
+                     blob_data(msg), blob_len(msg));
+
+       if (!apply_sid[0])
+               return UBUS_STATUS_NO_DATA;
+
+       if (!tb[RPC_B_SESSION])
+               return UBUS_STATUS_INVALID_ARGUMENT;
+
+       sid = blobmsg_data(tb[RPC_B_SESSION]);
+
+       if (strcmp(apply_sid, sid))
+               return UBUS_STATUS_PERMISSION_DENIED;
+
+       snprintf(tmp, sizeof(tmp), "%s/*", RPC_SNAPSHOT_FILES);
+       if (glob(tmp, GLOB_PERIOD, NULL, &gl) < 0)
+               return UBUS_STATUS_NOT_FOUND;
+
+       rpc_uci_do_rollback(ctx, &gl);
+
+       globfree(&gl);
+
+       return 0;
+}
+
+static int
+rpc_uci_reload(struct ubus_context *ctx, struct ubus_object *obj,
+                 struct ubus_request_data *req, const char *method,
+                 struct blob_attr *msg)
+{
+       char * const cmd[2] = { "/sbin/reload_config", NULL };
+
+       if (!fork()) {
+               /* wait for the RPC call to complete */
+               sleep(2);
+               return execv(cmd[0], cmd);
+       }
+
+       return 0;
+}
+
 /*
  * Session destroy callback to purge associated delta directory.
  */
@@ -1151,24 +1731,23 @@ rpc_uci_purge_savedir_cb(struct rpc_session *ses, void *priv)
 {
        char path[PATH_MAX];
 
-       snprintf(path, sizeof(path) - 1, "/tmp/.uci-rpc-%s", ses->id);
-       rpc_uci_purge_savedir(path);
+       snprintf(path, sizeof(path) - 1, RPC_UCI_SAVEDIR_PREFIX "%s", ses->id);
+       rpc_uci_purge_dir(path);
 }
 
 /*
- * Removes all delta directories which match the /tmp/.uci-rpc-* pattern.
+ * Removes all delta directories which match the RPC_UCI_SAVEDIR_PREFIX.
  * This is used to clean up garbage when starting rpcd.
  */
-static void
-rpc_uci_purge_savedirs(void)
+void rpc_uci_purge_savedirs(void)
 {
        int i;
        glob_t gl;
 
-       if (!glob("/tmp/.uci-rpc-*", 0, NULL, &gl))
+       if (!glob(RPC_UCI_SAVEDIR_PREFIX "*", 0, NULL, &gl))
        {
                for (i = 0; i < gl.gl_pathc; i++)
-                       rpc_uci_purge_savedir(gl.gl_pathv[i]);
+                       rpc_uci_purge_dir(gl.gl_pathv[i]);
 
                globfree(&gl);
        }
@@ -1178,15 +1757,20 @@ int rpc_uci_api_init(struct ubus_context *ctx)
 {
        static const struct ubus_method uci_methods[] = {
                { .name = "configs", .handler = rpc_uci_configs },
-               UBUS_METHOD("get",     rpc_uci_get,     rpc_uci_get_policy),
-               UBUS_METHOD("add",     rpc_uci_add,     rpc_uci_add_policy),
-               UBUS_METHOD("set",     rpc_uci_set,     rpc_uci_set_policy),
-               UBUS_METHOD("delete",  rpc_uci_delete,  rpc_uci_delete_policy),
-               UBUS_METHOD("rename",  rpc_uci_rename,  rpc_uci_rename_policy),
-               UBUS_METHOD("order",   rpc_uci_order,   rpc_uci_order_policy),
-               UBUS_METHOD("changes", rpc_uci_changes, rpc_uci_config_policy),
-               UBUS_METHOD("revert",  rpc_uci_revert,  rpc_uci_config_policy),
-               UBUS_METHOD("commit",  rpc_uci_commit,  rpc_uci_config_policy),
+               UBUS_METHOD("get",      rpc_uci_get,      rpc_uci_get_policy),
+               UBUS_METHOD("state",    rpc_uci_state,    rpc_uci_get_policy),
+               UBUS_METHOD("add",      rpc_uci_add,      rpc_uci_add_policy),
+               UBUS_METHOD("set",      rpc_uci_set,      rpc_uci_set_policy),
+               UBUS_METHOD("delete",   rpc_uci_delete,   rpc_uci_delete_policy),
+               UBUS_METHOD("rename",   rpc_uci_rename,   rpc_uci_rename_policy),
+               UBUS_METHOD("order",    rpc_uci_order,    rpc_uci_order_policy),
+               UBUS_METHOD("changes",  rpc_uci_changes,  rpc_uci_config_policy),
+               UBUS_METHOD("revert",   rpc_uci_revert,   rpc_uci_config_policy),
+               UBUS_METHOD("commit",   rpc_uci_commit,   rpc_uci_config_policy),
+               UBUS_METHOD("apply",    rpc_uci_apply,    rpc_uci_apply_policy),
+               UBUS_METHOD("confirm",  rpc_uci_confirm,  rpc_uci_rollback_policy),
+               UBUS_METHOD("rollback", rpc_uci_rollback, rpc_uci_rollback_policy),
+               UBUS_METHOD_NOARG("reload_config", rpc_uci_reload),
        };
 
        static struct ubus_object_type uci_type =
@@ -1208,7 +1792,6 @@ int rpc_uci_api_init(struct ubus_context *ctx)
        if (!cursor)
                return UBUS_STATUS_UNKNOWN_ERROR;
 
-       rpc_uci_purge_savedirs();
        rpc_session_destroy_cb(&cb);
 
        return ubus_add_object(ctx, &obj);