summaryrefslogtreecommitdiffhomepage
path: root/src
diff options
context:
space:
mode:
authorSteven Barth <steven@midlink.org>2008-03-29 18:22:21 +0000
committerSteven Barth <steven@midlink.org>2008-03-29 18:22:21 +0000
commit1c6c6d62ca665f9d1126b6bad849f7fd584b6a80 (patch)
treed0f6d975a17d100a52d158a72904d3cbbf964ab4 /src
parentcdb0b2f0bfaa0e0bb40b1b90581e1376f55fb0df (diff)
* Replaced luafilesystem with luaposix library
* Introduced privilege dropping capability * Automatically drop privileges for "public" to "nobody/nogroup" (as defined in ffluci.uci)
Diffstat (limited to 'src')
-rw-r--r--src/ffluci/cbi.lua2
-rw-r--r--src/ffluci/controller/admin/system.lua5
-rw-r--r--src/ffluci/dispatcher.lua13
-rw-r--r--src/ffluci/fs.lua26
-rw-r--r--src/ffluci/i18n.lua2
-rw-r--r--src/ffluci/menu.lua4
-rw-r--r--src/ffluci/sys.lua33
-rw-r--r--src/ffluci/template.lua2
-rw-r--r--src/ffluci/util.lua10
9 files changed, 75 insertions, 22 deletions
diff --git a/src/ffluci/cbi.lua b/src/ffluci/cbi.lua
index 296a77b49..d89405516 100644
--- a/src/ffluci/cbi.lua
+++ b/src/ffluci/cbi.lua
@@ -39,7 +39,7 @@ function load(cbimap)
require("ffluci.fs")
require("ffluci.i18n")
- local cbidir = ffluci.fs.dirname(ffluci.util.__file__()) .. "model/cbi/"
+ local cbidir = ffluci.fs.dirname(ffluci.util.__file__()) .. "/model/cbi/"
local func, err = loadfile(cbidir..cbimap..".lua")
if not func then
diff --git a/src/ffluci/controller/admin/system.lua b/src/ffluci/controller/admin/system.lua
index df2d981e4..be2d9b6eb 100644
--- a/src/ffluci/controller/admin/system.lua
+++ b/src/ffluci/controller/admin/system.lua
@@ -1,6 +1,6 @@
module("ffluci.controller.admin.system", package.seeall)
-require("ffluci.util")
+require("ffluci.sys")
require("ffluci.http")
menu = {
@@ -18,8 +18,7 @@ function action_passwd()
local cm
if p1 or p2 then
- cm = "(echo '"..p1.."';sleep 1;echo '"..p2.."') | passwd root 2>&1"
- msg = ffluci.util.exec(cm)
+ msg = ffluci.sys.user.setpasswd("root", p1, p2)
end
ffluci.template.render("admin_system/passwd", {msg=msg})
diff --git a/src/ffluci/dispatcher.lua b/src/ffluci/dispatcher.lua
index 139b0e308..b60a9beef 100644
--- a/src/ffluci/dispatcher.lua
+++ b/src/ffluci/dispatcher.lua
@@ -84,8 +84,20 @@ limitations under the License.
module("ffluci.dispatcher", package.seeall)
require("ffluci.http")
require("ffluci.template")
+require("ffluci.config")
+require("ffluci.sys")
+-- Sets privilege for given category
+function assign_privileges(category)
+ local cp = ffluci.config.category_privileges
+ if cp and cp[category] then
+ local u, g = cp[category]:match("([^:]+):([^:]+)")
+ ffluci.sys.process.setuser(u)
+ ffluci.sys.process.setgroup(g)
+ end
+end
+
-- Dispatches the "request"
function dispatch(req)
request = req
@@ -137,6 +149,7 @@ function httpdispatch()
local mod = sanitize(parts(), "index")
local act = sanitize(parts(), "index")
+ assign_privileges(cat)
dispatch({category=cat, module=mod, action=act})
end
diff --git a/src/ffluci/fs.lua b/src/ffluci/fs.lua
index fdea1b51e..189612279 100644
--- a/src/ffluci/fs.lua
+++ b/src/ffluci/fs.lua
@@ -26,7 +26,7 @@ limitations under the License.
module("ffluci.fs", package.seeall)
-require("lfs")
+require("posix")
-- Checks whether a file exists
function isfile(filename)
@@ -80,26 +80,28 @@ end
-- Returns the file modification date/time of "path"
function mtime(path)
- return lfs.attributes(path, "modification")
+ return posix.stat(path, "mtime")
end
--- Simplified dirname function
-function dirname(file)
- return string.gsub(file, "[^/]+$", "")
+-- basename wrapper
+function basename(path)
+ return posix.basename(path)
+end
+
+-- dirname wrapper
+function dirname(path)
+ return posix.dirname(path)
end
-- Diriterator - alias for lfs.dir - filter . and ..
function dir(path)
- local e = {}
- for entry in lfs.dir(path) do
- if not(entry == "." or entry == "..") then
- table.insert(e, entry)
- end
- end
+ local e = posix.dir(path)
+ table.remove(e, 1)
+ table.remove(e, 1)
return e
end
-- Alias for lfs.mkdir
function mkdir(...)
- return lfs.mkdir(...)
+ return posix.mkdir(...)
end \ No newline at end of file
diff --git a/src/ffluci/i18n.lua b/src/ffluci/i18n.lua
index 1abe22fd7..c362d3e5f 100644
--- a/src/ffluci/i18n.lua
+++ b/src/ffluci/i18n.lua
@@ -31,7 +31,7 @@ require("ffluci.util")
require("ffluci.config")
table = {}
-i18ndir = ffluci.fs.dirname(ffluci.util.__file__()) .. "i18n/"
+i18ndir = ffluci.fs.dirname(ffluci.util.__file__()) .. "/i18n/"
-- Clears the translation table
function clear()
diff --git a/src/ffluci/menu.lua b/src/ffluci/menu.lua
index 7b192aaea..724faaeaa 100644
--- a/src/ffluci/menu.lua
+++ b/src/ffluci/menu.lua
@@ -29,8 +29,8 @@ require("ffluci.fs")
require("ffluci.util")
require("ffluci.template")
-ctrldir = ffluci.fs.dirname(ffluci.util.__file__()) .. "controller/"
-modelpath = ffluci.fs.dirname(ffluci.util.__file__()) .. "model/menudata.lua"
+ctrldir = ffluci.fs.dirname(ffluci.util.__file__()) .. "/controller/"
+modelpath = ffluci.fs.dirname(ffluci.util.__file__()) .. "/model/menudata.lua"
-- Cache menudata into a Luafile instead of recollecting it at every pageload
-- Warning: Make sure the menudata cache gets deleted everytime you update
diff --git a/src/ffluci/sys.lua b/src/ffluci/sys.lua
index 4ed2262c8..97a926b0b 100644
--- a/src/ffluci/sys.lua
+++ b/src/ffluci/sys.lua
@@ -25,7 +25,7 @@ limitations under the License.
]]--
module("ffluci.sys", package.seeall)
-require("ffluci.fs")
+require("posix")
-- Returns the hostname
function hostname()
@@ -38,11 +38,40 @@ function loadavg()
return loadavg:match("^(.-) (.-) (.-) (.-) (.-)$")
end
+
+group = {}
+group.getgroup = posix.getgroup
+
+net = {}
-- Returns all available network interfaces
-function net_devices()
+function net.devices()
local devices = {}
for line in io.lines("/proc/net/dev") do
table.insert(devices, line:match(" *(.-):"))
end
return devices
+end
+
+process = {}
+process.info = posix.getpid
+
+-- Sets the gid of a process
+function process.setgroup(pid, gid)
+ return posix.setpid("g", pid, gid)
+end
+
+-- Sets the uid of a process
+function process.setuser(pid, uid)
+ return posix.setpid("u", pid, uid)
+end
+
+user = {}
+-- returns user information to a given uid
+user.getuser = posix.getpasswd
+
+-- Changes the user password of given user
+function user.setpasswd(user, pwd1, pwd2)
+ local cmd = "(echo '"..pwd1.."';sleep 1;echo '"..pwd2.."')|"
+ cmd = cmd .. "passwd "..user.." 2>&1"
+ return ffluci.util.exec(cmd)
end \ No newline at end of file
diff --git a/src/ffluci/template.lua b/src/ffluci/template.lua
index f7131488e..2bc015081 100644
--- a/src/ffluci/template.lua
+++ b/src/ffluci/template.lua
@@ -31,7 +31,7 @@ require("ffluci.fs")
require("ffluci.i18n")
require("ffluci.model.uci")
-viewdir = ffluci.fs.dirname(ffluci.util.__file__()) .. "view/"
+viewdir = ffluci.fs.dirname(ffluci.util.__file__()) .. "/view/"
-- Compile modes:
diff --git a/src/ffluci/util.lua b/src/ffluci/util.lua
index 85092f065..c47a89895 100644
--- a/src/ffluci/util.lua
+++ b/src/ffluci/util.lua
@@ -150,6 +150,16 @@ function instanceof(object, class)
end
+-- Creates valid XML PCDATA from a string
+function pcdata(value)
+ value = value:gsub("&", "&amp;")
+ value = value:gsub('"', "&quot;")
+ value = value:gsub("'", "&apos;")
+ value = value:gsub("<", "&lt;")
+ return value:gsub(">", "&gt;")
+end
+
+
-- Resets the scope of f doing a shallow copy of its scope into a new table
function resfenv(f)
setfenv(f, clone(getfenv(f)))