author | Steven Barth <steven@midlink.org> | 2008-03-29 18:22:21 +0000 |
---|---|---|
committer | Steven Barth <steven@midlink.org> | 2008-03-29 18:22:21 +0000 |
commit | 1c6c6d62ca665f9d1126b6bad849f7fd584b6a80 (patch) | |
tree | d0f6d975a17d100a52d158a72904d3cbbf964ab4 /src | |
parent | cdb0b2f0bfaa0e0bb40b1b90581e1376f55fb0df (diff) |
* Replaced luafilesystem with luaposix library
* Introduced privilege dropping capability
* Automatically drop privileges for "public" to "nobody/nogroup" (as defined in ffluci.uci)
Diffstat (limited to 'src')
-rw-r--r-- | src/ffluci/cbi.lua | 2 | ||||
-rw-r--r-- | src/ffluci/controller/admin/system.lua | 5 | ||||
-rw-r--r-- | src/ffluci/dispatcher.lua | 13 | ||||
-rw-r--r-- | src/ffluci/fs.lua | 26 | ||||
-rw-r--r-- | src/ffluci/i18n.lua | 2 | ||||
-rw-r--r-- | src/ffluci/menu.lua | 4 | ||||
-rw-r--r-- | src/ffluci/sys.lua | 33 | ||||
-rw-r--r-- | src/ffluci/template.lua | 2 | ||||
-rw-r--r-- | src/ffluci/util.lua | 10 |
9 files changed, 75 insertions, 22 deletions
diff --git a/src/ffluci/cbi.lua b/src/ffluci/cbi.lua index 296a77b493..d894055168 100644 --- a/src/ffluci/cbi.lua +++ b/src/ffluci/cbi.lua @@ -39,7 +39,7 @@ function load(cbimap) require("ffluci.fs") require("ffluci.i18n") - local cbidir = ffluci.fs.dirname(ffluci.util.__file__()) .. "model/cbi/" + local cbidir = ffluci.fs.dirname(ffluci.util.__file__()) .. "/model/cbi/" local func, err = loadfile(cbidir..cbimap..".lua") if not func then diff --git a/src/ffluci/controller/admin/system.lua b/src/ffluci/controller/admin/system.lua index df2d981e4c..be2d9b6eb6 100644 --- a/src/ffluci/controller/admin/system.lua +++ b/src/ffluci/controller/admin/system.lua @@ -1,6 +1,6 @@ module("ffluci.controller.admin.system", package.seeall) -require("ffluci.util") +require("ffluci.sys") require("ffluci.http") menu = { @@ -18,8 +18,7 @@ function action_passwd() local cm if p1 or p2 then - cm = "(echo '"..p1.."';sleep 1;echo '"..p2.."') | passwd root 2>&1" - msg = ffluci.util.exec(cm) + msg = ffluci.sys.user.setpasswd("root", p1, p2) end ffluci.template.render("admin_system/passwd", {msg=msg}) diff --git a/src/ffluci/dispatcher.lua b/src/ffluci/dispatcher.lua index 139b0e3083..b60a9beefa 100644 --- a/src/ffluci/dispatcher.lua +++ b/src/ffluci/dispatcher.lua @@ -84,8 +84,20 @@ limitations under the License. module("ffluci.dispatcher", package.seeall) require("ffluci.http") require("ffluci.template") +require("ffluci.config") +require("ffluci.sys") +-- Sets privilege for given category +function assign_privileges(category) + local cp = ffluci.config.category_privileges + if cp and cp[category] then + local u, g = cp[category]:match("([^:]+):([^:]+)") + ffluci.sys.process.setuser(u) + ffluci.sys.process.setgroup(g) + end +end + -- Dispatches the "request" function dispatch(req) request = req 
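Review bot: The guard `if p1 or p2 then` in action_passwd (src/ffluci/controller/admin/system.lua) still lets a request carrying only one of the two fields reach `ffluci.sys.user.setpasswd("root", p1, p2)`. The helper added in src/ffluci/sys.lua concatenates both values into a command string, so a nil value raises a Lua error there instead of producing a message for the template. Requiring both values, `if p1 and p2 then`, keeps that case in the controller where it can be reported. The `local cm` declaration above the guard is unused after this change and can be removed; the definitions of p1 and p2 and the start of action_passwd lie outside the hunk.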
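Review bot: assign_privileges in src/ffluci/dispatcher.lua changes the user before the group and checks neither result, so a partial or failed drop goes unnoticed and the request is dispatched with more privilege than configured. Once `ffluci.sys.process.setuser(u)` has given up root, the following `setgroup(g)` would normally be refused, so the group change belongs first and a failure should stop the request, e.g. `assert(ffluci.sys.process.setgroup(g))` followed by `assert(ffluci.sys.process.setuser(u))` (assuming the wrappers return nil plus an error on failure, which is not visible here). A `category_privileges` value without a `:` makes the match return nil for both u and g, and that should be rejected rather than passed on. The calls pass a single argument while the wrappers added in src/ffluci/sys.lua are declared as `(pid, gid)` and `(pid, uid)`, so the name lands in the `pid` parameter; signatures and call sites should be made to agree. Supplementary groups are not reset anywhere in the visible code.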
@@ -137,6 +149,7 @@ function httpdispatch() local mod = sanitize(parts(), "index") local act = sanitize(parts(), "index") + assign_privileges(cat) dispatch({category=cat, module=mod, action=act}) end diff --git a/src/ffluci/fs.lua b/src/ffluci/fs.lua index fdea1b51ec..1896122798 100644 --- a/src/ffluci/fs.lua +++ b/src/ffluci/fs.lua @@ -26,7 +26,7 @@ limitations under the License. module("ffluci.fs", package.seeall) -require("lfs") +require("posix") -- Checks whether a file exists function isfile(filename) @@ -80,26 +80,28 @@ end -- Returns the file modification date/time of "path" function mtime(path) - return lfs.attributes(path, "modification") + return posix.stat(path, "mtime") end --- Simplified dirname function -function dirname(file) - return string.gsub(file, "[^/]+$", "") +-- basename wrapper +function basename(path) + return posix.basename(path) +end + +-- dirname wrapper +function dirname(path) + return posix.dirname(path) end -- Diriterator - alias for lfs.dir - filter . and .. function dir(path) - local e = {} - for entry in lfs.dir(path) do - if not(entry == "." or entry == "..") then - table.insert(e, entry) - end - end + local e = posix.dir(path) + table.remove(e, 1) + table.remove(e, 1) return e end -- Alias for lfs.mkdir function mkdir(...) - return lfs.mkdir(...) + return posix.mkdir(...) end
\ No newline at end of file diff --git a/src/ffluci/i18n.lua b/src/ffluci/i18n.lua index 1abe22fd79..c362d3e5f0 100644 --- a/src/ffluci/i18n.lua +++ b/src/ffluci/i18n.lua @@ -31,7 +31,7 @@ require("ffluci.util") require("ffluci.config") table = {} -i18ndir = ffluci.fs.dirname(ffluci.util.__file__()) .. "i18n/" +i18ndir = ffluci.fs.dirname(ffluci.util.__file__()) .. "/i18n/" -- Clears the translation table function clear() diff --git a/src/ffluci/menu.lua b/src/ffluci/menu.lua index 7b192aaea9..724faaeaa6 100644 --- a/src/ffluci/menu.lua +++ b/src/ffluci/menu.lua @@ -29,8 +29,8 @@ require("ffluci.fs") require("ffluci.util") require("ffluci.template") -ctrldir = ffluci.fs.dirname(ffluci.util.__file__()) .. "controller/" -modelpath = ffluci.fs.dirname(ffluci.util.__file__()) .. "model/menudata.lua" +ctrldir = ffluci.fs.dirname(ffluci.util.__file__()) .. "/controller/" +modelpath = ffluci.fs.dirname(ffluci.util.__file__()) .. "/model/menudata.lua" -- Cache menudata into a Luafile instead of recollecting it at every pageload -- Warning: Make sure the menudata cache gets deleted everytime you update diff --git a/src/ffluci/sys.lua b/src/ffluci/sys.lua index 4ed2262c8b..97a926b0b1 100644 --- a/src/ffluci/sys.lua +++ b/src/ffluci/sys.lua @@ -25,7 +25,7 @@ limitations under the License. ]]-- module("ffluci.sys", package.seeall) -require("ffluci.fs") +require("posix") -- Returns the hostname function hostname() 
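Review bot: The new `dir` in src/ffluci/fs.lua removes the first two entries of `posix.dir(path)` on the assumption that they are `.` and `..`, but directory listings carry no ordering guarantee, so this can drop two real entries and hand the dot entries to callers. It also calls `table.remove` on whatever `posix.dir` returns, which would fail with an unrelated error if the directory cannot be read and nil comes back (the failure behaviour is not visible on this page). Filtering by name, as the removed lfs loop did, avoids both problems. The comments `alias for lfs.dir` and `Alias for lfs.mkdir` are stale after the switch to posix.

```lua
function dir(path)
	local entries, err = posix.dir(path)
	if not entries then
		return nil, err
	end
	local e = {}
	for _, entry in ipairs(entries) do
		if entry ~= "." and entry ~= ".." then
			table.insert(e, entry)
		end
	end
	return e
end
```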
@@ -38,11 +38,40 @@ function loadavg() return loadavg:match("^(.-) (.-) (.-) (.-) (.-)$") end + +group = {} +group.getgroup = posix.getgroup + +net = {} -- Returns all available network interfaces -function net_devices() +function net.devices() local devices = {} for line in io.lines("/proc/net/dev") do table.insert(devices, line:match(" *(.-):")) end return devices +end + +process = {} +process.info = posix.getpid + +-- Sets the gid of a process +function process.setgroup(pid, gid) + return posix.setpid("g", pid, gid) +end + +-- Sets the uid of a process +function process.setuser(pid, uid) + return posix.setpid("u", pid, uid) +end + +user = {} +-- returns user information to a given uid +user.getuser = posix.getpasswd + +-- Changes the user password of given user +function user.setpasswd(user, pwd1, pwd2) + local cmd = "(echo '"..pwd1.."';sleep 1;echo '"..pwd2.."')|" + cmd = cmd .. "passwd "..user.." 2>&1" + return ffluci.util.exec(cmd) end
\ No newline at end of file diff --git a/src/ffluci/template.lua b/src/ffluci/template.lua index f7131488ef..2bc0150812 100644 --- a/src/ffluci/template.lua +++ b/src/ffluci/template.lua @@ -31,7 +31,7 @@ require("ffluci.fs") require("ffluci.i18n") require("ffluci.model.uci") -viewdir = ffluci.fs.dirname(ffluci.util.__file__()) .. "view/" +viewdir = ffluci.fs.dirname(ffluci.util.__file__()) .. "/view/" -- Compile modes: diff --git a/src/ffluci/util.lua b/src/ffluci/util.lua index 85092f065c..c47a89895d 100644 --- a/src/ffluci/util.lua +++ b/src/ffluci/util.lua @@ -150,6 +150,16 @@ function instanceof(object, class) end +-- Creates valid XML PCDATA from a string +function pcdata(value) + value = value:gsub("&", "&") + value = value:gsub('"', """) + value = value:gsub("'", "'") + value = value:gsub("<", "<") + return value:gsub(">", ">") +end + + -- Resets the scope of f doing a shallow copy of its scope into a new table function resfenv(f) setfenv(f, clone(getfenv(f))) |
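Review bot: `user.setpasswd` in src/ffluci/sys.lua builds a shell command by pasting `pwd1`, `pwd2` and `user` between literal single quotes, so any value containing a quote character changes the command that `ffluci.util.exec` runs; the admin controller passes what appear to be request values straight into it. Each value should be quoted as a single shell word before concatenation (or the passwords written to the stdin of `passwd` without a shell), and `printf '%s\n'` is safer than `echo`, which may interpret leading dashes or backslashes. Even when quoted, the passwords are part of the command string handed to the shell, so they can presumably be read from the process list while `sleep 1` runs. No `require("ffluci.util")` is visible in the hunks of this file, so `ffluci.util.exec` seems to rely on another module having loaded it.

```lua
-- Quotes a value as one shell word; embedded single quotes become '\''
local function shellquote(value)
	return "'" .. tostring(value):gsub("'", "'\\''") .. "'"
end

-- Changes the user password of given user
function user.setpasswd(user, pwd1, pwd2)
	local cmd = "(printf '%s\\n' " .. shellquote(pwd1) .. ";sleep 1;"
	cmd = cmd .. "printf '%s\\n' " .. shellquote(pwd2) .. ")|"
	cmd = cmd .. "passwd " .. shellquote(user) .. " 2>&1"
	return ffluci.util.exec(cmd)
end
```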
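Review bot: `pcdata` in src/ffluci/util.lua ends with `return value:gsub(">", ">")`, which hands back both results of gsub, the string and the replacement count, so a caller that forwards the result into an argument list receives a stray number. Wrapping the final call in parentheses, or assigning to `value` and returning it as the earlier lines do, returns only the string. A non-string `value` (nil from a missing field, or a number) fails on the first `value:gsub`, so a `tostring` or an explicit nil check at the top would make the helper safe to call on arbitrary output. The replacement strings show on this page as the plain characters, presumably because entities were decoded when the page was rendered, so the escapes themselves cannot be checked here.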