* Replaced luafilesystem with luaposix library

* Introduced privilege dropping capability
* Automatically drop privileges for "public" to "nobody/nogroup" (as defined in ffluci.uci)

13 files changed, 93 insertions, 38 deletions

diff --git a/Makefile b/Makefile
index 2e986d8cb..a43766e66 100644
--- a/Makefile
+++ b/Makefile
@@ -4,9 +4,9 @@ LUAC_OPTIONS = -s
 FILES = 
 
 CFILES = ffluci/util.lua ffluci/http.lua ffluci/fs.lua \
-ffluci/model/uci.lua ffluci/config.lua ffluci/i18n.lua  \
-ffluci/template.lua ffluci/cbi.lua ffluci/dispatcher.lua \
-ffluci/menu.lua ffluci/init.lua ffluci/sys.lua 
+ffluci/sys.lua ffluci/model/uci.lua ffluci/config.lua \
+ffluci/i18n.lua ffluci/template.lua ffluci/cbi.lua \
+ffluci/dispatcher.lua ffluci/menu.lua ffluci/init.lua 
 
 DIRECTORIES = dist/ffluci/model/cbi dist/ffluci/controller dist/ffluci/i18n dist/ffluci/view
 
diff --git a/contrib/ffluci.uci b/contrib/ffluci.uci
index c887b1b33..640faf170 100644
--- a/contrib/ffluci.uci
+++ b/contrib/ffluci.uci
@@ -2,6 +2,8 @@ config core main
         option lang de
         option mediaurlbase /ffluci/media
         
+config core category_privileges
+		option public nobody:nogroup
 
 config public contact
 		option nickname
diff --git a/contrib/package/ffluci/Makefile b/contrib/package/ffluci/Makefile
index 04093a974..4709767d1 100644
--- a/contrib/package/ffluci/Makefile
+++ b/contrib/package/ffluci/Makefile
@@ -15,7 +15,7 @@ define Package/ffluci
   SECTION:=admin
   CATEGORY:=Administration
   TITLE:=FFLuCI
-  DEPENDS:=+liblua +luafilesystem +haserl
+  DEPENDS:=+liblua +luaposix +haserl
   MAINTAINER:=Steven Barth <steven-at-midlink-dot-org>
 endef
 
diff --git a/contrib/package/luafilesystem/Makefile b/contrib/package/luaposix/Makefile
index 6c73cf501..177583bb8 100644
--- a/contrib/package/luafilesystem/Makefile
+++ b/contrib/package/luaposix/Makefile
@@ -1,23 +1,23 @@
 include $(TOPDIR)/rules.mk
 
-PKG_NAME:=luafilesystem
-PKG_VERSION:=1.4.0
+PKG_NAME:=luaposix
+PKG_VERSION:=5.1.2
 PKG_RELEASE:=1
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
-PKG_SOURCE_URL:=http://luaforge.net/frs/download.php/3158
-PKG_MD5SUM:=6f3d247f27820b8f045431ad81bcd3ad
+PKG_SOURCE_URL:=http://luaforge.net/frs/download.php/3063
+PKG_MD5SUM:=31deeb4add91f76b3c2d36aae2888d81
 
 PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
 PKG_INSTALL_DIR:=$(PKG_BUILD_DIR)/ipkg-install
 
 include $(INCLUDE_DIR)/package.mk
 
-define Package/luafilesystem
+define Package/luaposix
   SECTION:=lib
   CATEGORY:=Libraries
-  TITLE:=Lua FS library
-  URL:=http://www.keplerproject.org/luafilesystem/
+  TITLE:=Lua Posix library
+  URL:=http://luaforge.net/projects/luaposix/
   DEPENDS:=+liblua
   MAINTAINER:=Steven Barth <steven-at-midlink-dot-org>
 endef
@@ -32,13 +32,13 @@ define Build/Compile
 		AR="$(TARGET_CROSS)ar rcu" \
 		RANLIB="$(TARGET_CROSS)ranlib" \
 		INSTALL_ROOT=/usr \
-		LUA_INC=$(STAGING_DIR)/usr/include
+		LUAINC=$(STAGING_DIR)/usr/include
 endef
 
-define Package/luafilesystem/install		
+define Package/luaposix/install		
 	$(INSTALL_DIR) $(1)/usr/lib/lua
-	$(STRIP) $(PKG_BUILD_DIR)/src/lfs.so
-	$(INSTALL_BIN) $(PKG_BUILD_DIR)/src/lfs.so $(1)/usr/lib/lua
+	$(STRIP) $(PKG_BUILD_DIR)/posix.so
+	$(INSTALL_BIN) $(PKG_BUILD_DIR)/posix.so $(1)/usr/lib/lua
 endef
 
-$(eval $(call BuildPackage,luafilesystem))
+$(eval $(call BuildPackage,luaposix))
\ No newline at end of file
diff --git a/src/ffluci/cbi.lua b/src/ffluci/cbi.lua
index 296a77b49..d89405516 100644
--- a/src/ffluci/cbi.lua
+++ b/src/ffluci/cbi.lua
@@ -39,7 +39,7 @@ function load(cbimap)
 	require("ffluci.fs")
 	require("ffluci.i18n")
 	
-	local cbidir = ffluci.fs.dirname(ffluci.util.__file__()) .. "model/cbi/"
+	local cbidir = ffluci.fs.dirname(ffluci.util.__file__()) .. "/model/cbi/"
 	local func, err = loadfile(cbidir..cbimap..".lua")
 	
 	if not func then
diff --git a/src/ffluci/controller/admin/system.lua b/src/ffluci/controller/admin/system.lua
index df2d981e4..be2d9b6eb 100644
--- a/src/ffluci/controller/admin/system.lua
+++ b/src/ffluci/controller/admin/system.lua
@@ -1,6 +1,6 @@
 module("ffluci.controller.admin.system", package.seeall)
 
-require("ffluci.util")
+require("ffluci.sys")
 require("ffluci.http")
 
 menu = {
@@ -18,8 +18,7 @@ function action_passwd()
 	local cm
 	
 	if p1 or p2 then
-		cm = "(echo '"..p1.."';sleep 1;echo '"..p2.."') | passwd root 2>&1"
-		msg = ffluci.util.exec(cm)
+		msg = ffluci.sys.user.setpasswd("root", p1, p2)
 	end
 	
 	ffluci.template.render("admin_system/passwd", {msg=msg})
diff --git a/src/ffluci/dispatcher.lua b/src/ffluci/dispatcher.lua
index 139b0e308..b60a9beef 100644
--- a/src/ffluci/dispatcher.lua
+++ b/src/ffluci/dispatcher.lua
@@ -84,8 +84,20 @@ limitations under the License.
 module("ffluci.dispatcher", package.seeall)
 require("ffluci.http")
 require("ffluci.template")
+require("ffluci.config")
+require("ffluci.sys")
 
 
+-- Sets privilege for given category
+function assign_privileges(category)
+	local cp = ffluci.config.category_privileges
+	if cp and cp[category] then
+		local u, g = cp[category]:match("([^:]+):([^:]+)")
+		ffluci.sys.process.setuser(u)
+		ffluci.sys.process.setgroup(g)
+	end
+end
+
 -- Dispatches the "request"
 function dispatch(req)
 	request = req
@@ -137,6 +149,7 @@ function httpdispatch()
 	local mod = sanitize(parts(), "index")
 	local act = sanitize(parts(), "index")
 	
+	assign_privileges(cat)
 	dispatch({category=cat, module=mod, action=act})
 end
 
diff --git a/src/ffluci/fs.lua b/src/ffluci/fs.lua
index fdea1b51e..189612279 100644
--- a/src/ffluci/fs.lua
+++ b/src/ffluci/fs.lua
@@ -26,7 +26,7 @@ limitations under the License.
 
 module("ffluci.fs", package.seeall)
 
-require("lfs")
+require("posix")
 
 -- Checks whether a file exists
 function isfile(filename)
@@ -80,26 +80,28 @@ end
 
 -- Returns the file modification date/time of "path"
 function mtime(path)
-	return lfs.attributes(path, "modification")
+	return posix.stat(path, "mtime")
 end
 
--- Simplified dirname function
-function dirname(file)
-	return string.gsub(file, "[^/]+$", "")
+-- basename wrapper
+function basename(path)
+	return posix.basename(path)
+end
+
+-- dirname wrapper
+function dirname(path)
+	return posix.dirname(path)
 end
 
 -- Diriterator - alias for lfs.dir - filter . and ..
 function dir(path)
-	local e = {}
-	for entry in lfs.dir(path) do
-		if not(entry == "." or entry == "..") then
-			table.insert(e, entry)
-		end
-	end
+	local e = posix.dir(path)
+	table.remove(e, 1)
+	table.remove(e, 1)
 	return e
 end
 
 -- Alias for lfs.mkdir
 function mkdir(...)
-	return lfs.mkdir(...)
+	return posix.mkdir(...)
 end
\ No newline at end of file
diff --git a/src/ffluci/i18n.lua b/src/ffluci/i18n.lua
index 1abe22fd7..c362d3e5f 100644
--- a/src/ffluci/i18n.lua
+++ b/src/ffluci/i18n.lua
@@ -31,7 +31,7 @@ require("ffluci.util")
 require("ffluci.config")
 
 table   = {}
-i18ndir = ffluci.fs.dirname(ffluci.util.__file__()) .. "i18n/"
+i18ndir = ffluci.fs.dirname(ffluci.util.__file__()) .. "/i18n/"
 
 -- Clears the translation table
 function clear()
diff --git a/src/ffluci/menu.lua b/src/ffluci/menu.lua
index 7b192aaea..724faaeaa 100644
--- a/src/ffluci/menu.lua
+++ b/src/ffluci/menu.lua
@@ -29,8 +29,8 @@ require("ffluci.fs")
 require("ffluci.util")
 require("ffluci.template")
 
-ctrldir   = ffluci.fs.dirname(ffluci.util.__file__()) .. "controller/"
-modelpath = ffluci.fs.dirname(ffluci.util.__file__()) .. "model/menudata.lua"
+ctrldir   = ffluci.fs.dirname(ffluci.util.__file__()) .. "/controller/"
+modelpath = ffluci.fs.dirname(ffluci.util.__file__()) .. "/model/menudata.lua"
 
 -- Cache menudata into a Luafile instead of recollecting it at every pageload
 -- Warning: Make sure the menudata cache gets deleted everytime you update
diff --git a/src/ffluci/sys.lua b/src/ffluci/sys.lua
index 4ed2262c8..97a926b0b 100644
--- a/src/ffluci/sys.lua
+++ b/src/ffluci/sys.lua
@@ -25,7 +25,7 @@ limitations under the License.
 ]]--
 
 module("ffluci.sys", package.seeall)
-require("ffluci.fs")
+require("posix")
 
 -- Returns the hostname
 function hostname()
@@ -38,11 +38,40 @@ function loadavg()
 	return loadavg:match("^(.-) (.-) (.-) (.-) (.-)$")
 end
 
+
+group = {}
+group.getgroup = posix.getgroup
+
+net = {}
 -- Returns all available network interfaces
-function net_devices()
+function net.devices()
 	local devices = {}
 	for line in io.lines("/proc/net/dev") do
 		table.insert(devices, line:match(" *(.-):"))
 	end
 	return devices
+end
+
+process = {}
+process.info = posix.getpid 
+
+-- Sets the gid of a process
+function process.setgroup(pid, gid)
+	return posix.setpid("g", pid, gid)
+end
+
+-- Sets the uid of a process
+function process.setuser(pid, uid)
+	return posix.setpid("u", pid, uid)
+end
+
+user = {}
+-- returns user information to a given uid
+user.getuser = posix.getpasswd
+	
+-- Changes the user password of given user
+function user.setpasswd(user, pwd1, pwd2)
+	local cmd = "(echo '"..pwd1.."';sleep 1;echo '"..pwd2.."')|"
+	cmd = cmd .. "passwd "..user.." 2>&1"
+	return ffluci.util.exec(cmd)
 end
\ No newline at end of file
diff --git a/src/ffluci/template.lua b/src/ffluci/template.lua
index f7131488e..2bc015081 100644
--- a/src/ffluci/template.lua
+++ b/src/ffluci/template.lua
@@ -31,7 +31,7 @@ require("ffluci.fs")
 require("ffluci.i18n")
 require("ffluci.model.uci")
 
-viewdir = ffluci.fs.dirname(ffluci.util.__file__()) .. "view/"
+viewdir = ffluci.fs.dirname(ffluci.util.__file__()) .. "/view/"
 
 
 -- Compile modes:
diff --git a/src/ffluci/util.lua b/src/ffluci/util.lua
index 85092f065..c47a89895 100644
--- a/src/ffluci/util.lua
+++ b/src/ffluci/util.lua
@@ -150,6 +150,16 @@ function instanceof(object, class)
 end
 
 
+-- Creates valid XML PCDATA from a string
+function pcdata(value)
+	value = value:gsub("&", "&amp;")	
+	value = value:gsub('"', "&quot;")
+	value = value:gsub("'", "&apos;")
+	value = value:gsub("<", "&lt;")	
+	return value:gsub(">", "&gt;")
+end
+
+
 -- Resets the scope of f doing a shallow copy of its scope into a new table
 function resfenv(f)
 	setfenv(f, clone(getfenv(f)))