#include <libubox/blobmsg_json.h>
#include <rpcd/uci.h>
+#include <rpcd/exec.h>
#include <rpcd/session.h>
static struct blob_buf buf;
static struct uci_context *cursor;
static struct uloop_timeout apply_timer;
static struct ubus_context *apply_ctx;
-static bool apply_running;
+
+char apply_sid[RPC_SID_LEN + 1];
enum {
RPC_G_CONFIG,
.type = BLOBMSG_TYPE_STRING },
};
+/*
+ * Validate a uci name
+ */
+static bool
+rpc_uci_verify_str(const char *name, bool extended, bool type)
+{
+ const char *c;
+ char *e;
+
+ if (!name || !*name)
+ return false;
+
+ if (extended && *name != '@')
+ extended = false;
+
+ for (c = name + extended; *c; c++)
+ if (!isalnum(*c) && *c != '_' && ((!type && !extended) || *c != '-'))
+ break;
+
+ if (extended) {
+ if (*c != '[')
+ return false;
+
+ strtol(++c, &e, 10);
+
+ return (e > c && *e == ']' && *(e+1) == 0);
+ }
+
+ return (*c == 0);
+}
+
+/*
+ * Check that string is a valid, shell compatible uci name
+ */
+static bool rpc_uci_verify_name(const char *name) {
+ return rpc_uci_verify_str(name, false, false);
+}
+
+/*
+ * Check that string is a valid section type name
+ */
+static bool rpc_uci_verify_type(const char *type) {
+ return rpc_uci_verify_str(type, false, true);
+}
+
+/*
+ * Check that the string is a valid section id, optionally in extended
+ * lookup notation
+ */
+static bool rpc_uci_verify_section(const char *section) {
+ return rpc_uci_verify_str(section, true, false);
+}
+
+
/*
* Turn uci error state into ubus return code
*/
}
}
+/*
+ * Clear all save directories from the uci cursor and append the given path
+ * as new save directory.
+ */
+static void
+rpc_uci_replace_savedir(const char *path)
+{
+ struct uci_element *e, *tmp;
+
+ uci_foreach_element_safe(&cursor->delta_path, tmp, e) {
+ if (e->name)
+ free(e->name);
+
+ free(e);
+ }
+
+ cursor->delta_path.prev = &cursor->delta_path;
+ cursor->delta_path.next = &cursor->delta_path;
+
+ if (path)
+ uci_set_savedir(cursor, path);
+}
+
/*
* Setup per-session delta save directory. If the passed "sid" blob attribute
* pointer is NULL then the precedure was not invoked through the ubus-rpc so
if (!sid)
{
- uci_set_savedir(cursor, "/tmp/.uci");
+ rpc_uci_replace_savedir("/tmp/.uci");
return;
}
snprintf(path, sizeof(path) - 1,
RPC_UCI_SAVEDIR_PREFIX "%s", blobmsg_get_string(sid));
- uci_set_savedir(cursor, path);
+ rpc_uci_replace_savedir(path);
}
/*
switch (blobmsg_type(v))
{
case BLOBMSG_TYPE_STRING:
- if (blobmsg_data_len(v) > 1)
- *p = blobmsg_data(v);
+ *p = blobmsg_data(v);
break;
case BLOBMSG_TYPE_INT64:
if (!rpc_uci_write_access(tb[RPC_A_SESSION], tb[RPC_A_CONFIG]))
return UBUS_STATUS_PERMISSION_DENIED;
+ if (!rpc_uci_verify_type(blobmsg_data(tb[RPC_A_TYPE])))
+ return UBUS_STATUS_INVALID_ARGUMENT;
+
+ if (tb[RPC_A_NAME] &&
+ !rpc_uci_verify_name(blobmsg_data(tb[RPC_A_NAME])))
+ return UBUS_STATUS_INVALID_ARGUMENT;
+
ptr.package = blobmsg_data(tb[RPC_A_CONFIG]);
if (uci_load(cursor, ptr.package, &p))
ptr.o = NULL;
ptr.option = blobmsg_name(cur);
+ if (!rpc_uci_verify_name(ptr.option))
+ continue;
+
if (rpc_uci_lookup(&ptr) || !ptr.s)
continue;
ptr->option = blobmsg_name(opt);
ptr->value = NULL;
+ if (!rpc_uci_verify_name(ptr->option))
+ return;
+
if (rpc_uci_lookup(ptr) || !ptr->s)
return;
if (!rpc_uci_write_access(tb[RPC_S_SESSION], tb[RPC_S_CONFIG]))
return UBUS_STATUS_PERMISSION_DENIED;
+ if (tb[RPC_S_SECTION] &&
+ !rpc_uci_verify_section(blobmsg_data(tb[RPC_S_SECTION])))
+ return UBUS_STATUS_INVALID_ARGUMENT;
+
ptr.package = blobmsg_data(tb[RPC_S_CONFIG]);
if (uci_load(cursor, ptr.package, &p))
ptr.section = blobmsg_data(tb[RPC_R_SECTION]);
ptr.value = blobmsg_data(tb[RPC_R_NAME]);
+ if (!rpc_uci_verify_name(ptr.value))
+ return UBUS_STATUS_INVALID_ARGUMENT;
+
if (tb[RPC_R_OPTION])
ptr.option = blobmsg_data(tb[RPC_R_OPTION]);
struct blob_attr *cur;
struct uci_package *p = NULL;
struct uci_ptr ptr = { 0 };
- int rem, i = 1;
+ int rem, i = 0;
blobmsg_parse(rpc_uci_order_policy, __RPC_O_MAX, tb,
blob_data(msg), blob_len(msg));
struct uci_package *p = NULL;
struct uci_ptr ptr = { 0 };
- if (apply_running)
+ if (apply_sid[0])
return UBUS_STATUS_PERMISSION_DENIED;
blobmsg_parse(rpc_uci_config_policy, __RPC_C_MAX, tb,
else
{
if (!uci_lookup_ptr(cursor, &ptr, NULL, true) && ptr.p)
+ {
uci_revert(cursor, &ptr);
+ uci_unload(cursor, ptr.p);
+ }
}
return rpc_uci_status();
rpc_uci_apply_config(struct ubus_context *ctx, char *config)
{
struct uci_package *p = NULL;
- struct uci_ptr ptr = { 0 };
- ptr.package = config;
-
- if (!uci_load(cursor, ptr.package, &p)) {
+ if (!uci_load(cursor, config, &p)) {
uci_commit(cursor, &p, false);
uci_unload(cursor, p);
}
fclose(out);
}
+static int
+rpc_uci_apply_access(const char *sid, glob_t *gl)
+{
+ struct stat s;
+ int i, c = 0;
+
+ if (gl->gl_pathc < 3)
+ return UBUS_STATUS_NO_DATA;
+
+ for (i = 0; i < gl->gl_pathc; i++) {
+ char *config = basename(gl->gl_pathv[i]);
+
+ if (*config == '.')
+ continue;
+ if (stat(gl->gl_pathv[i], &s) || !s.st_size)
+ continue;
+ if (!rpc_session_access(sid, "uci", config, "write"))
+ return UBUS_STATUS_PERMISSION_DENIED;
+ c++;
+ }
+
+ if (!c)
+ return UBUS_STATUS_NO_DATA;
+
+ return 0;
+}
+
static void
-rpc_uci_do_rollback(struct ubus_context *ctx, const char *sid, glob_t *gl)
+rpc_uci_do_rollback(struct ubus_context *ctx, glob_t *gl)
{
- int i;
+ int i, deny;
char tmp[PATH_MAX];
- if (sid) {
- snprintf(tmp, sizeof(tmp), RPC_UCI_SAVEDIR_PREFIX "%s/", sid);
+ /* Test apply permission to see if the initiator session still exists.
+ * If it does, restore the delta files as well, else just restore the
+ * main configuration files. */
+ deny = apply_sid[0]
+ ? rpc_uci_apply_access(apply_sid, gl) : UBUS_STATUS_NOT_FOUND;
+
+ if (!deny) {
+ snprintf(tmp, sizeof(tmp), RPC_UCI_SAVEDIR_PREFIX "%s/", apply_sid);
mkdir(tmp, 0700);
}
+ /* avoid merging unrelated uci changes when restoring old configs */
+ rpc_uci_replace_savedir("/dev/null");
+
for (i = 0; i < gl->gl_pathc; i++) {
char *config = basename(gl->gl_pathv[i]);
rpc_uci_copy_file(RPC_SNAPSHOT_FILES, RPC_UCI_DIR, config);
rpc_uci_apply_config(ctx, config);
- if (sid)
- rpc_uci_copy_file(RPC_SNAPSHOT_DELTA, tmp, config);
+
+ if (deny)
+ continue;
+
+ rpc_uci_copy_file(RPC_SNAPSHOT_DELTA, tmp, config);
}
rpc_uci_purge_dir(RPC_SNAPSHOT_FILES);
rpc_uci_purge_dir(RPC_SNAPSHOT_DELTA);
uloop_timeout_cancel(&apply_timer);
- apply_running = false;
+ memset(apply_sid, 0, sizeof(apply_sid));
apply_ctx = NULL;
}
if (glob(tmp, GLOB_PERIOD, NULL, &gl) < 0)
return;
- rpc_uci_do_rollback(apply_ctx, NULL, &gl);
-}
+ rpc_uci_do_rollback(apply_ctx, &gl);
-static int
-rpc_uci_apply_access(const char *sid, glob_t *gl)
-{
- struct stat s;
- int i, c = 0;
-
- if (gl->gl_pathc < 3)
- return UBUS_STATUS_NO_DATA;
-
- for (i = 0; i < gl->gl_pathc; i++) {
- char *config = basename(gl->gl_pathv[i]);
-
- if (*config == '.')
- continue;
- if (stat(gl->gl_pathv[i], &s) || !s.st_size)
- continue;
- if (!rpc_session_access(sid, "uci", config, "write"))
- return UBUS_STATUS_PERMISSION_DENIED;
- c++;
- }
-
- if (!c)
- return UBUS_STATUS_NO_DATA;
-
- return 0;
+ globfree(&gl);
}
static int
if (tb[RPC_T_ROLLBACK])
rollback = blobmsg_get_bool(tb[RPC_T_ROLLBACK]);
- if (apply_running && rollback)
+ if (apply_sid[0] && rollback)
return UBUS_STATUS_PERMISSION_DENIED;
if (!tb[RPC_T_SESSION])
rpc_uci_purge_dir(RPC_SNAPSHOT_FILES);
rpc_uci_purge_dir(RPC_SNAPSHOT_DELTA);
- if (!apply_running) {
+ if (!apply_sid[0]) {
+ rpc_uci_set_savedir(tb[RPC_T_SESSION]);
+
mkdir(RPC_SNAPSHOT_FILES, 0700);
mkdir(RPC_SNAPSHOT_DELTA, 0700);
return ret;
}
+ /* copy SID early because rpc_uci_apply_config() will clobber buf */
+ if (rollback)
+ strncpy(apply_sid, sid, RPC_SID_LEN);
+
for (i = 0; i < gl.gl_pathc; i++) {
char *config = basename(gl.gl_pathv[i]);
struct stat s;
globfree(&gl);
if (rollback) {
- apply_running = true;
apply_timer.cb = rpc_uci_apply_timeout;
uloop_timeout_set(&apply_timer, timeout * 1000);
apply_ctx = ctx;
struct ubus_request_data *req, const char *method,
struct blob_attr *msg)
{
- if (!apply_running)
+ struct blob_attr *tb[__RPC_B_MAX];
+ char *sid;
+
+ blobmsg_parse(rpc_uci_rollback_policy, __RPC_B_MAX, tb,
+ blob_data(msg), blob_len(msg));
+
+ if (!tb[RPC_B_SESSION])
+ return UBUS_STATUS_INVALID_ARGUMENT;
+
+ sid = blobmsg_data(tb[RPC_B_SESSION]);
+
+ if (!apply_sid[0])
return UBUS_STATUS_NO_DATA;
+ if (strcmp(apply_sid, sid))
+ return UBUS_STATUS_PERMISSION_DENIED;
+
rpc_uci_purge_dir(RPC_SNAPSHOT_FILES);
rpc_uci_purge_dir(RPC_SNAPSHOT_DELTA);
uloop_timeout_cancel(&apply_timer);
- apply_running = false;
+ memset(apply_sid, 0, sizeof(apply_sid));
apply_ctx = NULL;
return 0;
char tmp[PATH_MAX];
glob_t gl;
char *sid;
- int ret;
blobmsg_parse(rpc_uci_rollback_policy, __RPC_B_MAX, tb,
blob_data(msg), blob_len(msg));
- if (!apply_running)
+ if (!apply_sid[0])
return UBUS_STATUS_NO_DATA;
if (!tb[RPC_B_SESSION])
sid = blobmsg_data(tb[RPC_B_SESSION]);
+ if (strcmp(apply_sid, sid))
+ return UBUS_STATUS_PERMISSION_DENIED;
+
snprintf(tmp, sizeof(tmp), "%s/*", RPC_SNAPSHOT_FILES);
if (glob(tmp, GLOB_PERIOD, NULL, &gl) < 0)
return UBUS_STATUS_NOT_FOUND;
- ret = rpc_uci_apply_access(sid, &gl);
- if (ret) {
- globfree(&gl);
- return ret;
- }
-
- rpc_uci_do_rollback(ctx, sid, &gl);
+ rpc_uci_do_rollback(ctx, &gl);
globfree(&gl);
return 0;
}
+static int
+rpc_uci_reload(struct ubus_context *ctx, struct ubus_object *obj,
+ struct ubus_request_data *req, const char *method,
+ struct blob_attr *msg)
+{
+ char * const cmd[2] = { "/sbin/reload_config", NULL };
+
+ if (!fork()) {
+ /* wait for the RPC call to complete */
+ sleep(2);
+ return execv(cmd[0], cmd);
+ }
+
+ return 0;
+}
/*
* Session destroy callback to purge associated delta directory.
UBUS_METHOD("apply", rpc_uci_apply, rpc_uci_apply_policy),
UBUS_METHOD("confirm", rpc_uci_confirm, rpc_uci_rollback_policy),
UBUS_METHOD("rollback", rpc_uci_rollback, rpc_uci_rollback_policy),
+ UBUS_METHOD_NOARG("reload_config", rpc_uci_reload),
};
static struct ubus_object_type uci_type =
projects / project / rpcd.git / blobdiff