Commit graph

192 commits

Author SHA1 Message Date
Daniel Danzberger
efe51f41d6 iwinfo: add current hw and ht mode to info call
Signed-off-by: Daniel Danzberger <daniel@dd-wrt.com>
2020-01-05 19:56:34 +01:00
Jo-Philipp Wich
aaa08366e6 file: extend exec acl checks to commands with arguments
When the initial exec permission check on the executable path fails,
concatenate the command line with spaces and use the resulting string
as lookup path for a second exec permission check.

This allows for exec acls similar to this example:

    "file": {
        "/usr/bin/program --flag --option=1 arg *": [ "exec" ]
    }

The example above would allow executing `/usr/bin/program` with the
arguments `--flag`, `--option=1` and `arg` in exactly this order,
followed by any number of optional arguments as denoted by the
asterisk.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-12-11 09:13:05 +01:00
Jo-Philipp Wich
77ad0de092 plugin: avoid truncating numeric values
When parsing the JSON output of exec plugins, store integer values exceeding
32bit value limits as 64bit integer blob values.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-11-10 21:26:51 +01:00
Jo-Philipp Wich
d442d62dea plugin: fix double free in finish callback
Fixes: 37aa919 ("plugin: fix leaking invoked method name for exec plugins")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-10-29 12:01:36 +01:00
Yousong Zhou
ee26d83e98 main: exec_self: make clang analyzer happy
Prevent a theoretical leak of the args memory when the executable path
cannot be found.

Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
[fix whitespace, commit description]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-10-29 09:26:24 +01:00
Yousong Zhou
90e40bd3d5 file: exec: properly free memory on error
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
[fix whitespace]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-10-29 09:26:18 +01:00
Yousong Zhou
9ecfada16d uci: free configs list memory on return
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
[fix whitespace]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-10-29 09:25:17 +01:00
Yousong Zhou
32fba361d5 exec: always call finish_cb to allow plugin to free up memory
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
[fix whitespace, subject typo]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-10-29 09:24:46 +01:00
Jo-Philipp Wich
ca3e2d5e70 plugin: do not free method name separately
A previous commit changed the allocation method for the call context to
include the method name string memory directly, so we must not treat the
method member separately anymore.

Fixes: 37aa919 ("plugin: fix leaking invoked method name for exec plugins")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-10-29 09:23:30 +01:00
Yousong Zhou
02c6e1d08c exec: properly free memory on rpc_exec() error
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
[fix whitespace]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-10-29 09:23:22 +01:00
Yousong Zhou
cc50263504 plugin: exec: properly free memory on parse error
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
2019-10-29 08:59:37 +01:00
Jo-Philipp Wich
bd0ed25214 uci: reset uci_ptr flags when merging set operations
In some cases, e.g. when subsequently setting multiple empty option
values, uci_set() might free the section pointer of the given reused
uci_ptr structure without zeroing it, leading to a use-after-free on
processing subsequent options.

Avoid this issue by clearing the lookup pointer flags in order to
prevent uci_set() from incorrectly branching into a uci_delete()
operation leading to the freeing of the section member.

Ref: http://lists.infradead.org/pipermail/openwrt-devel/2019-October/019592.html
Reported-by: Daniel Danzberger <daniel@dd-wrt.com>
Suggested-by: Yousong Zhou <yszhou4tech@gmail.com>
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-10-29 08:28:17 +01:00
Jo-Philipp Wich
37aa9196b6 plugin: fix leaking invoked method name for exec plugins
The invoked method name was separately duplicated from the call_context
structure. The structure itself is eventually freed by rpc_exec_reply()
but the method string it points to is lost after that.

Use calloc_a() instead to allocate the string copy buffer together with
the context structure, to ensure that all involved memory is freed.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-10-17 11:50:39 +02:00
Jo-Philipp Wich
95f0973c34 file: increase minimum read buffer size to 4096 bytes
Some sysfs or proc files contain more than 128 byte of data, e.g. the
/proc/filesystems or /proc/mounts files.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-09-21 14:58:38 +02:00
Jo-Philipp Wich
e2a7bc4c2f iwinfo: add WPA3 support
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-09-09 12:46:20 +02:00
Jo-Philipp Wich
69eeb1b480 file: refactor message parsing and permission checking
Refactor rpc_check_path() and wrap it with a macro to allow passing
different policies and permission names.

This allows using the function for non-read operations and simplifies
the message parsing code there.

Also change the stat and list methods to require "list" instead of
"read" permissions which is useful to allow browing the filesystem
without allowing read access to all files.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-09-08 18:29:18 +02:00
Jo-Philipp Wich
f65527a298 iwinfo: expose all rate info fields in assoclist reply
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-09-04 15:51:39 +02:00
Jo-Philipp Wich
7fec63611d sys: fix symbol redeclaration
Fixes: 27c24c7 ("rpcd: sys: actually move timespec declaration")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-09-04 15:51:39 +02:00
Jo-Philipp Wich
27c24c7c18 rpcd: sys: actually move timespec declaration
Move the timespec declaration to the function header, as mentioned in
commit "rpcd: Switch to nanosleep".

Fixes: 604db20 ("rpcd: Switch to nanosleep")
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-09-03 11:36:31 +02:00
Jo-Philipp Wich
345363bf47 file: add remove operation
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-09-03 11:27:44 +02:00
Rosen Penev
604db20aa6 rpcd: Switch to nanosleep
usleep has been deprecated by POSIX.1-2001 and removed in POSIX.1-2008.
Fixes compilation when libc does not include usleep (optional with
uClibc-ng).

nanosleep also has the advantage of being more accurate.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
[move timespec definition to the top of the function]
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-09-03 11:26:51 +02:00
Jo-Philipp Wich
821045f6ce file: add path based read/write/exec ACL checks
Introduce ACL checks to verify that the requested path may be read, written
or executed. This allows to restrict ubus file commands to specific paths.

To setup the required ACLs, the following ubus command may be used
on the command line:

ubus call session grant '{
  "ubus_rpc_session": "d41d8cd98f00b204e9800998ecf8427e",
  "scope": "file",
  "objects": [
    [ "/etc", "read" ],
    [ "/etc/*", "write" ],
    [ "/sbin/sysupgrade", "exec" ]
  ]
}'

The "read", "list", "stat" and "md5" procedures require "read" permissions,
the "write" procedure requires "write" permission and the "exec" procedure
requires "exec" permissions.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-09-01 18:29:03 +02:00
Jo-Philipp Wich
fb337e5a08 file: add stat() information to directory listings
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-09-01 18:29:03 +02:00
Petr Štetiar
89bfaa4246 Fix possible linker errors by using CMake find_library macro
Fixes following errors while compiling natively on x86:

 cc -fPIC -shared  -o rpcsys.so sys.c.o -lubox -lubus
 ld: cannot find -lubox
 ld: cannot find -lubus

Signed-off-by: Petr Štetiar <ynezz@true.cz>
2019-06-05 13:10:50 +02:00
Jo-Philipp Wich
569284a119 session: handle NULL return values of crypt()
The crypt() function may return NULL with errno ENOSYS when an attempt
was made to crypt the plaintext password using a salt requesting an
unsupported cipher.

Avoid triggering segmentation faults in the subsequent strcmp() operation
by checking for a non-NULL hash value.

Fixes: FS#2291
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2019-05-22 14:25:52 +02:00
Daniel Danzberger
d610800a0f iwinfo: add mesh infos in assoclist.
Signed-off-by: Daniel Danzberger <daniel@dd-wrt.com>
2019-03-05 19:51:54 +01:00
Daniel Danzberger
6939c493cc iwinfo: add survey.
Signed-off-by: Daniel Danzberger <daniel@dd-wrt.com>
2019-03-05 19:51:54 +01:00
Daniel Danzberger
ceeccb1e02 iwinfo: show more stats from assoclist.
Signed-off-by: Daniel Danzberger <daniel@dd-wrt.com>
2019-03-05 19:51:54 +01:00
Jo-Philipp Wich
ffaa6132cb file: avoid closing stdio descriptors in rpc_file_exec_run
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-12-21 09:30:19 +01:00
Jo-Philipp Wich
67118a6b33 file: patch process stdin to /dev/null
This prevents broken pipe errors in executed child processes that
attempt to access stdin.

Suggested-by: Vytautas Virvičius <vy.virvicius@gmail.com>
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-12-21 09:18:23 +01:00
Jo-Philipp Wich
2e8106ac56 file: remove unused members from struct rpc_file_exec_context
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-12-21 09:00:48 +01:00
Jo-Philipp Wich
e5243c16eb file: rpc_file_exec_run: fix potential memory leak and integer overflow
- Store the realloc result in a separate pointer so that we can free
   the original on allocation failure
 - Use an explicit uint8_t for the argument vector length instead of
   "char" which might be signed or unsigned, depending on the arch
 - Bail out with an invalid argument error if the argument vector
   exceeds 255 items

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-12-21 09:00:20 +01:00
Jo-Philipp Wich
3aa81d0dfa file: access exec timeout via daemon ops structure
Since the plugin is not linked, but dlopen()'d with RTLD_LOCAL, we cannot
access global rpcd variables but need to access them via the common ops
structure symbol.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-11-28 12:12:04 +01:00
Jo-Philipp Wich
7235f34895 plugin: store pointer to exec timeout value in the ops structure
This is required for plugins that need access to the configured execution
timeout. The global variable cannot be used as-is since we dlopen() with
RTLD_LOCAL.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-11-28 12:10:40 +01:00
Jo-Philipp Wich
ccd7c0af75 treewide: rename exec_timeout to rpc_exec_timeout
Rename the extern int to denote a global symbol.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-11-28 12:07:58 +01:00
Jo-Philipp Wich
c79ef22285 main: fix logic bug when not specifying a timeout option
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-11-22 16:25:39 +01:00
Jo-Philipp Wich
2cc4b998ec file: use global exec timeout instead of own hardcoded limit
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-11-22 14:28:29 +01:00
Jo-Philipp Wich
ecd1660f17 exec: increase maximum execution time to 120s
Increase the maximum possible execution time to 120 seconds and add a new
command line flag `-t` which allows overwriting the default value.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-11-22 14:28:28 +01:00
Jo-Philipp Wich
41333abee4 uci: tighten uci reorder operation error handling
- Return UBUS_STATUS_INVALID_ARGUMENT for invalid section names
- Return UBUS_STATUS_NOT_FOUND if a section name could not be resolved
2018-08-09 00:07:27 +02:00
Jo-Philipp Wich
f91751b767 uci: tighten uci delete operation error handling
- Return UBUS_STATUS_NOT_FOUND if no object could be resolved for delete
- Return UBUS_STATUS_INVALID_ARGUMENT for invalid section names or types

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-08-09 00:07:27 +02:00
Jo-Philipp Wich
c2c612b67c uci: tighten uci set operation error handling
- Return UBUS_STATUS_NOT_FOUND if no section could be resolved for set
 - Return UBUS_STATUS_INVALID_ARGUMENT if unserializable values are found

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-08-09 00:07:27 +02:00
Jo-Philipp Wich
948bb51875 uci: tighten uci add operation error handling
- Return UBUS_STATUS_INVALID_ARGUMENT for invalid section or option names
- Return UBUS_STATUS_NOT_FOUND if a section name could not be resolved

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-08-09 00:07:26 +02:00
Jo-Philipp Wich
51980c687b uci: reject invalid section and option names
The invoked libuci functions do not reliably check their arguments, causing
malformed section and option names to end up in the delta file, letting the
uci cli and other components to segfault when processung such invalid
entries.

In order to prevent that, manually test received values before passing them
on to libuci.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-08-08 23:58:37 +02:00
Jo-Philipp Wich
820621952d uci: fix memory leak in rpc_uci_replace_savedir()
The rpc_uci_replace_savedir() function did not take into account that libuci
uci_set_savedir() does an additional implicit uci_strdup() of the directory
path string when appending a new delta directory item.

Due to this oversight, only the struct uci_element items got freed, but not
the duplicated path string, leading to leaking memory when invoking the uci
api with session id argument.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-05-13 21:13:05 +02:00
Jo-Philipp Wich
10f787881d exec: close stdout and stderr streams on child signal
This prevents timing out ubus call when the child invokes further detached
childs inheriting stdio descriptors.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-05-08 20:47:17 +02:00
Jo-Philipp Wich
92d0d75716 uci: use correct sort index when reordering sections
When reordering, the section indexes must be 0-based while the current
implementation incorrectly numbers starting with 1.

Fix this by start numbering ther sections with index 0.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-04-28 18:23:59 +02:00
Jo-Philipp Wich
66a9bad1a7 uci: fix memory leak in rpc_uci_apply_timeout()
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-04-20 13:17:28 +02:00
Jo-Philipp Wich
2423162234 uci: switch to proper save directory on apply/rollback
The existing code failed to set the uci cursor save directory to the current
session path, causing the apply routine to either fail or to merge settings
from unrelated neighboring sessions, potentially leaking data.

Solve the issue by switching the uci cursor save directory to the session
directory before performing the actual apply actions.

Additionally set the save directory path to "/dev/null" during rollback, to
avoid merging unrelated system wide uci changes when restoring configs from
the snapshot directory.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-04-20 13:15:46 +02:00
Jo-Philipp Wich
edd37f8dbb uci: add rpc_uci_replace_savedir() helper
The rpc_uci_replace_savedir() function removes all configured save directories
from the uci cursor instance and adds the given path argument as sole item.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-04-19 13:54:40 +02:00
Jo-Philipp Wich
eb09f3a3fd session: ignore non-string username attribute upon restore
When restoring session information from blob data, only consider the
embedded username attribute if it is a string value.

Other types may cause invalid memory accesses when attempting to strcmp()
the attribute value.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
2018-03-15 12:29:15 +01:00