You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

46 lines
1.1 KiB

cgi-io: implement exec action Implement a new "cgi-exec" applet which allows to invoke remote commands and stream their stdandard output back to the client via HTTP. This is needed in cases where large amounts of data or binary encoded contents such as tar archives need to be transferred, which are unsuitable to be transported via ubus directly. The exec call is guarded by the same ACL semantics as rpcd's file plugin, means in order to be able to execute a command remotely, the ubus session identified by the given session ID must have read access to the "exec" function of the "cgi-io" scope and an explicit "exec" permission rule for the invoked command in the "file" scope. In order to initiate a transfer, a POST request in x-www-form-urlencoded format must be sent to the applet, with one field "sessionid" holding the login session and another field "command" specifiying the commandline to invoke. Further optional fields are "filename" which - if present - will cause the download applet to set a Content-Dispostition header and "mimetype" which allows to let the applet respond with a specific type instead of the default "application/octet-stream". Below is an example for the required ACL rules to grant exec access to both the "date" and "iptables" commands. The "date" rule specifies the base name of the executable and thus allows invocation with arbitrary parameters while the latter "iptables" rule merely allows one specific set of arguments which must appear exactly in the given order. ubus call session grant '{ "ubus_rpc_session": "...", "scope": "cgi-io", "objects": [ [ "exec", "read" ] ] }' ubus call session grant '{ "ubus_rpc_session": "...", "scope": "file", "objects": [ [ "/bin/date", "exec" ], [ "/usr/sbin/iptables -n -v -L", "exec" ] ] }' Signed-off-by: Jo-Philipp Wich <jo@mein.io>
5 years ago
  1. #
  2. # Copyright (C) 2015 OpenWrt.org
  3. #
  4. # This is free software, licensed under the GNU General Public License v2.
  5. # See /LICENSE for more information.
  6. #
  7. include $(TOPDIR)/rules.mk
  8. PKG_NAME:=cgi-io
  9. PKG_RELEASE:=16
  10. PKG_LICENSE:=GPL-2.0-or-later
  11. PKG_MAINTAINER:=John Crispin <blogic@openwrt.org>
  12. include $(INCLUDE_DIR)/package.mk
  13. include $(INCLUDE_DIR)/cmake.mk
  14. define Package/cgi-io
  15. SECTION:=net
  16. CATEGORY:=Network
  17. SUBMENU:=Web Servers/Proxies
  18. DEPENDS:=+libubox +libubus
  19. TITLE:=CGI utility for handling up/downloading of files
  20. endef
  21. define Package/cgi-io/description
  22. This package contains an cgi utility that is useful for up/downloading files
  23. endef
  24. define Build/Prepare
  25. mkdir -p $(PKG_BUILD_DIR)
  26. $(CP) ./src/* $(PKG_BUILD_DIR)/
  27. endef
  28. define Package/cgi-io/install
  29. $(INSTALL_DIR) $(1)/usr/libexec $(1)/www/cgi-bin/
  30. $(INSTALL_BIN) $(PKG_BUILD_DIR)/cgi-io $(1)/usr/libexec
  31. $(LN) ../../usr/libexec/cgi-io $(1)/www/cgi-bin/cgi-upload
  32. $(LN) ../../usr/libexec/cgi-io $(1)/www/cgi-bin/cgi-download
  33. $(LN) ../../usr/libexec/cgi-io $(1)/www/cgi-bin/cgi-backup
  34. $(LN) ../../usr/libexec/cgi-io $(1)/www/cgi-bin/cgi-exec
  35. endef
  36. $(eval $(call BuildPackage,cgi-io))