When restoring session information from blob data, only consider the
embedded username attribute if it is a string value.
Other types may cause invalid memory accesses when attempting to strcmp()
the attribute value.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Reclaim the pending apply session upon login when the username matches the
current login.
This is required to support apply-confirm-rollback workflow for ubus browser
clients, since changing IPs requires re-login to the device due to cross
domain restrictions.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
The given const char *key was used to look up the blob attribute, while
the blob attributes internal name was used to store it in the avl tree.
This leads to confusion and potential memory leaks when the given key name
does not match the blob attributes internal name.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
The libuci `uci_set_savedir()` function does not replace, but appends the
requested delta directory to the search path, this causes information leaks
between sessions.
Due to a lack of an official api for this, clear the uci contexts private
delta path before setting the save directory.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Introduce optional boolean attribute 'all' to allow listing all
installed packages instead of only the user-selected ones.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Add method to list installed software packages directly from
/usr/lib/opkg/status (ie. no need to have opkg installed).
ubus call rpc-sys packagelist
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
RTLD_GLOBAL was used to allow plugins use each other symbols but this
facility was (most likely) never used and is a bad design anyway. If
there is a common code it should just go to a library.
Using RTLD_LOCAL on the other hand saves us from conflicting symbols
used by different plugins. An example can be iwinfo plugin using libnl.
If there appears to be another plugin using incompatible netlink
implementation this will result in a problem. Both plugins will start
using the same libnl which will break one of them.
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
Acked-by: Jo-Philipp Wich <jo@mein.io>
Add a CMake FIND_PATH and INCLUDE_DIRECTORIES searching for blobmsg_json.h.
Some external toolchains which do not include standard locations would fail to
find the header otherwise.
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Fixes the following warnings:
rpcd/sys.c: In function 'rpc_cgi_password_set':
rpcd/sys.c:116:8: error: ignoring return value of 'chdir', declared with attribute warn_unused_result [-Werror=unused-result]
chdir("/");
^
rpcd/sys.c:125:8: error: ignoring return value of 'write', declared with attribute warn_unused_result [-Werror=unused-result]
write(fds[1], blobmsg_data(tb[RPC_P_PASSWORD]),
^
rpcd/sys.c:127:8: error: ignoring return value of 'write', declared with attribute warn_unused_result [-Werror=unused-result]
write(fds[1], "\n", 1);
^
rpcd/sys.c:131:8: error: ignoring return value of 'write', declared with attribute warn_unused_result [-Werror=unused-result]
write(fds[1], blobmsg_data(tb[RPC_P_PASSWORD]),
^
rpcd/sys.c:133:8: error: ignoring return value of 'write', declared with attribute warn_unused_result [-Werror=unused-result]
write(fds[1], "\n", 1);
^
cc1: all warnings being treated as errors
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Add a CMake FIND_PATH and INCLUDE_DIRECTORIES searching for libubus.h. Some
external toolchains which do not include standard locations would fail
to find the header otherwise.
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Making an ubus call iwinfo countrylist '{"device":"radio0"}' will result
in some entries having garbage uninitialized stack bytes in the "code"
fields.
With this patch we zero-initialize the buffer that libiwinfo writes to,
making it NUL-terminated so that behavior doesn't happen anymore.
Signed-off-by: Denis Osvald <denis.osvald@sartura.hr>
Solve this compile warning:
file.c:300:16: error: comparison of unsigned expression < 0 is always false [-Werror,-Wtautological-compare]
if (data_len < 0)
Signed-off-by: Luka Perkov <luka@openwrt.org>
The ubus calls for file read, list and stat do not use data parameter, so lets
remove them to avoid confusion.
Signed-off-by: Luka Perkov <luka@openwrt.org>
Function rpc_plugin_register_library() is modifying the struct's contents in
list_add() call. That said, the rpc_plugin struct should not be defined as
const. This caused segmentation fault when built on up-to-date Arch Linux.
Signed-off-by: Luka Perkov <luka@openwrt.org>
Previously any session with access permissions for the corresponding method
was able to confirm or rollback commits initiated by another session.
Change those methods to only grant access to the initiating session.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
Calling commit with rollback=false to cancel a pending rollback timer can
potentially trigger another commit if no rollback is actually pending.
This introduces a new method "confirm" which cancels the rollback timer
without any other possible side effects.
While being at it, change the return code when trying to commit during
a pending rollback or when trying to rollback without a pending timeout to
UBUS_STATUS_NO_DATA. This is needed to be able to differentiate between a
denied request and an inappropriate state.
Also change the error return code for glob() failures to the more
appropriate UBUS_STATUS_NOT_FOUND.
Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
