From 24231622340bf563cc89d2ae384a043a59cb994b Mon Sep 17 00:00:00 2001 From: Jo-Philipp Wich Date: Thu, 19 Apr 2018 14:02:30 +0200 Subject: [PATCH 1/1] uci: switch to proper save directory on apply/rollback The existing code failed to set the uci cursor save directory to the current session path, causing the apply routine to either fail or to merge settings from unrelated neighboring sessions, potentially leaking data. Solve the issue by switching the uci cursor save directory to the session directory before performing the actual apply actions. Additionally set the save directory path to "/dev/null" during rollback, to avoid merging unrelated system wide uci changes when restoring configs from the snapshot directory. Signed-off-by: Jo-Philipp Wich --- uci.c | 84 +++++++++++++++++++++++++++++++++++++++---------------------------- 1 file changed, 49 insertions(+), 35 deletions(-) diff --git a/uci.c b/uci.c index 2d7d430..35332d8 100644 --- a/uci.c +++ b/uci.c @@ -1292,17 +1292,53 @@ rpc_uci_copy_file(const char *src, const char *target, const char *file) fclose(out); } +static int +rpc_uci_apply_access(const char *sid, glob_t *gl) +{ + struct stat s; + int i, c = 0; + + if (gl->gl_pathc < 3) + return UBUS_STATUS_NO_DATA; + + for (i = 0; i < gl->gl_pathc; i++) { + char *config = basename(gl->gl_pathv[i]); + + if (*config == '.') + continue; + if (stat(gl->gl_pathv[i], &s) || !s.st_size) + continue; + if (!rpc_session_access(sid, "uci", config, "write")) + return UBUS_STATUS_PERMISSION_DENIED; + c++; + } + + if (!c) + return UBUS_STATUS_NO_DATA; + + return 0; +} + static void -rpc_uci_do_rollback(struct ubus_context *ctx, const char *sid, glob_t *gl) +rpc_uci_do_rollback(struct ubus_context *ctx, glob_t *gl) { - int i; + int i, deny; char tmp[PATH_MAX]; - if (sid) { - snprintf(tmp, sizeof(tmp), RPC_UCI_SAVEDIR_PREFIX "%s/", sid); + /* Test apply permission to see if the initiator session still exists. + * If it does, restore the delta files as well, else just restore the + * main configuration files. */ + deny = apply_sid[0] + ? rpc_uci_apply_access(apply_sid, gl) : UBUS_STATUS_NOT_FOUND; + + if (!deny) { + snprintf(tmp, sizeof(tmp), RPC_UCI_SAVEDIR_PREFIX "%s/", apply_sid); mkdir(tmp, 0700); } + /* avoid merging unrelated uci changes when restoring old configs */ + rpc_uci_replace_savedir("/dev/null"); + for (i = 0; i < gl->gl_pathc; i++) { char *config = basename(gl->gl_pathv[i]); @@ -1311,8 +1347,11 @@ rpc_uci_do_rollback(struct ubus_context *ctx, const char *sid, glob_t *gl) rpc_uci_copy_file(RPC_SNAPSHOT_FILES, RPC_UCI_DIR, config); rpc_uci_apply_config(ctx, config); - if (sid) - rpc_uci_copy_file(RPC_SNAPSHOT_DELTA, tmp, config); + + if (deny) + continue; + + rpc_uci_copy_file(RPC_SNAPSHOT_DELTA, tmp, config); } rpc_uci_purge_dir(RPC_SNAPSHOT_FILES); @@ -1333,34 +1372,7 @@ rpc_uci_apply_timeout(struct uloop_timeout *t) if (glob(tmp, GLOB_PERIOD, NULL, &gl) < 0) return; - rpc_uci_do_rollback(apply_ctx, NULL, &gl); -} - -static int -rpc_uci_apply_access(const char *sid, glob_t *gl) -{ - struct stat s; - int i, c = 0; - - if (gl->gl_pathc < 3) - return UBUS_STATUS_NO_DATA; - - for (i = 0; i < gl->gl_pathc; i++) { - char *config = basename(gl->gl_pathv[i]); - - if (*config == '.') - continue; - if (stat(gl->gl_pathv[i], &s) || !s.st_size) - continue; - if (!rpc_session_access(sid, "uci", config, "write")) - return UBUS_STATUS_PERMISSION_DENIED; - c++; - } - - if (!c) - return UBUS_STATUS_NO_DATA; - - return 0; + rpc_uci_do_rollback(apply_ctx, &gl); } static int @@ -1397,6 +1409,8 @@ rpc_uci_apply(struct ubus_context *ctx, struct ubus_object *obj, rpc_uci_purge_dir(RPC_SNAPSHOT_DELTA); if (!apply_sid[0]) { + rpc_uci_set_savedir(tb[RPC_T_SESSION]); + mkdir(RPC_SNAPSHOT_FILES, 0700); mkdir(RPC_SNAPSHOT_DELTA, 0700); @@ -1503,7 +1517,7 @@ rpc_uci_rollback(struct ubus_context *ctx, struct ubus_object *obj, if (glob(tmp, GLOB_PERIOD, NULL, &gl) < 0) return UBUS_STATUS_NOT_FOUND; - rpc_uci_do_rollback(ctx, sid, &gl); + rpc_uci_do_rollback(ctx, &gl); globfree(&gl); -- 2.11.0