diff options
Diffstat (limited to 'modules/luci-base')
-rw-r--r-- | modules/luci-base/luasrc/dispatcher.lua | 157 | ||||
-rw-r--r-- | modules/luci-base/luasrc/sys.lua | 204 |
2 files changed, 105 insertions, 256 deletions
diff --git a/modules/luci-base/luasrc/dispatcher.lua b/modules/luci-base/luasrc/dispatcher.lua index 0bd19456f..1b684aa79 100644 --- a/modules/luci-base/luasrc/dispatcher.lua +++ b/modules/luci-base/luasrc/dispatcher.lua @@ -14,8 +14,6 @@ uci = require "luci.model.uci" i18n = require "luci.i18n" _M.fs = fs -authenticator = {} - -- Index table local index = nil @@ -101,24 +99,6 @@ function error500(message) return false end -function authenticator.htmlauth(validator, accs, default, template) - local user = http.formvalue("luci_username") - local pass = http.formvalue("luci_password") - - if user and validator(user, pass) then - return user - end - - require("luci.i18n") - require("luci.template") - context.path = {} - http.status(403, "Forbidden") - luci.template.render(template or "sysauth", {duser=default, fuser=user}) - - return false - -end - function httpdispatch(request, prefix) http.context.request = request @@ -188,6 +168,44 @@ function test_post_security() return true end +local function session_retrieve(sid, allowed_users) + local sdat = util.ubus("session", "get", { ubus_rpc_session = sid }) + + if type(sdat) == "table" and + type(sdat.values) == "table" and + type(sdat.values.token) == "string" and + (not allowed_users or + util.contains(allowed_users, sdat.values.username)) + then + return sid, sdat.values + end + + return nil, nil +end + +local function session_setup(user, pass, allowed_users) + if util.contains(allowed_users, user) then + local login = util.ubus("session", "login", { + username = user, + password = pass, + timeout = tonumber(luci.config.sauth.sessiontime) + }) + + if type(login) == "table" and + type(login.ubus_rpc_session) == "string" + then + util.ubus("session", "set", { + ubus_rpc_session = login.ubus_rpc_session, + values = { token = sys.uniqueid(16) } + }) + + return session_retrieve(login.ubus_rpc_session) + end + end + + return nil, nil +end + function dispatch(request) --context._disable_memtrace = require "luci.debug".trap_memtrace("l") local ctx = context @@ -332,74 +350,65 @@ function dispatch(request) ) if track.sysauth then - local authen = type(track.sysauth_authenticator) == "function" - and track.sysauth_authenticator - or authenticator[track.sysauth_authenticator] + local authen = track.sysauth_authenticator + local _, sid, sdat, default_user, allowed_users - local def = (type(track.sysauth) == "string") and track.sysauth - local accs = def and {track.sysauth} or track.sysauth - local sess = ctx.authsession - if not sess then - sess = http.getcookie("sysauth") - sess = sess and sess:match("^[a-f0-9]*$") + if type(authen) == "string" and authen ~= "htmlauth" then + error500("Unsupported authenticator %q configured" % authen) + return end - local sdat = (util.ubus("session", "get", { ubus_rpc_session = sess }) or { }).values - local user, token + if type(track.sysauth) == "table" then + default_user, allowed_users = nil, track.sysauth + else + default_user, allowed_users = track.sysauth, { track.sysauth } + end - if sdat then - user = sdat.user - token = sdat.token + if type(authen) == "function" then + _, sid = authen(sys.user.checkpasswd, allowed_users) else - local eu = http.getenv("HTTP_AUTH_USER") - local ep = http.getenv("HTTP_AUTH_PASS") - if eu and ep and sys.user.checkpasswd(eu, ep) then - authen = function() return eu end - end + sid = http.getcookie("sysauth") end - if not util.contains(accs, user) then - if authen then - local user, sess = authen(sys.user.checkpasswd, accs, def, track.sysauth_template) - local token - if not user or not util.contains(accs, user) then - return - else - if not sess then - local sdat = util.ubus("session", "create", { timeout = tonumber(luci.config.sauth.sessiontime) }) - if sdat then - token = sys.uniqueid(16) - util.ubus("session", "set", { - ubus_rpc_session = sdat.ubus_rpc_session, - values = { - user = user, - token = token, - section = sys.uniqueid(16) - } - }) - sess = sdat.ubus_rpc_session - end - end + sid, sdat = session_retrieve(sid, allowed_users) - if sess and token then - http.header("Set-Cookie", 'sysauth=%s; path=%s' %{ sess, build_url() }) + if not (sid and sdat) and authen == "htmlauth" then + local user = http.getenv("HTTP_AUTH_USER") + local pass = http.getenv("HTTP_AUTH_PASS") - ctx.authsession = sess - ctx.authtoken = token - ctx.authuser = user + if user == nil and pass == nil then + user = http.formvalue("luci_username") + pass = http.formvalue("luci_password") + end + + sid, sdat = session_setup(user, pass, allowed_users) + + if not sid then + local tmpl = require "luci.template" + + context.path = {} - http.redirect(build_url(unpack(ctx.requestpath))) - end - end - else http.status(403, "Forbidden") + tmpl.render(track.sysauth_template or "sysauth", { + duser = default_user, + fuser = user + }) + return end - else - ctx.authsession = sess - ctx.authtoken = token - ctx.authuser = user + + http.header("Set-Cookie", 'sysauth=%s; path=%s' %{ sid, build_url() }) + http.redirect(build_url(unpack(ctx.requestpath))) end + + if not sid or not sdat then + http.status(403, "Forbidden") + return + end + + ctx.authsession = sid + ctx.authtoken = sdat.token + ctx.authuser = sdat.username end if c and require_post_security(c.target) then diff --git a/modules/luci-base/luasrc/sys.lua b/modules/luci-base/luasrc/sys.lua index a97271732..99f3ee291 100644 --- a/modules/luci-base/luasrc/sys.lua +++ b/modules/luci-base/luasrc/sys.lua @@ -117,45 +117,12 @@ end net = {} --- The following fields are defined for arp entry objects: --- { "IP address", "HW address", "HW type", "Flags", "Mask", "Device" } -function net.arptable(callback) - local arp = (not callback) and {} or nil - local e, r, v - if fs.access("/proc/net/arp") then - for e in io.lines("/proc/net/arp") do - local r = { }, v - for v in e:gmatch("%S+") do - r[#r+1] = v - end - - if r[1] ~= "IP" then - local x = { - ["IP address"] = r[1], - ["HW type"] = r[2], - ["Flags"] = r[3], - ["HW address"] = r[4], - ["Mask"] = r[5], - ["Device"] = r[6] - } - - if callback then - callback(x) - else - arp = arp or { } - arp[#arp+1] = x - end - end - end - end - return arp -end - local function _nethints(what, callback) local _, k, e, mac, ip, name local cur = uci.cursor() local ifn = { } local hosts = { } + local lookup = { } local function _add(i, ...) local k = select(i, ...) @@ -224,8 +191,20 @@ local function _nethints(what, callback) end end + for _, e in pairs(hosts) do + lookup[#lookup+1] = (what > 1) and e[what] or (e[2] or e[3]) + end + + if #lookup > 0 then + lookup = luci.util.ubus("network.rrdns", "lookup", { + addrs = lookup, + timeout = 250, + limit = 1000 + }) or { } + end + for _, e in luci.util.kspairs(hosts) do - callback(e[1], e[2], e[3], e[4]) + callback(e[1], e[2], e[3], lookup[e[2]] or lookup[e[3]] or e[4]) end end @@ -234,17 +213,17 @@ end function net.mac_hints(callback) if callback then _nethints(1, function(mac, v4, v6, name) - name = name or nixio.getnameinfo(v4 or v6, nil, 100) or v4 + name = name or v4 if name and name ~= mac then - callback(mac, name or nixio.getnameinfo(v4 or v6, nil, 100) or v4) + callback(mac, name or v4) end end) else local rv = { } _nethints(1, function(mac, v4, v6, name) - name = name or nixio.getnameinfo(v4 or v6, nil, 100) or v4 + name = name or v4 if name and name ~= mac then - rv[#rv+1] = { mac, name or nixio.getnameinfo(v4 or v6, nil, 100) or v4 } + rv[#rv+1] = { mac, name or v4 } end end) return rv @@ -256,7 +235,7 @@ end function net.ipv4_hints(callback) if callback then _nethints(2, function(mac, v4, v6, name) - name = name or nixio.getnameinfo(v4, nil, 100) or mac + name = name or mac if name and name ~= v4 then callback(v4, name) end @@ -264,7 +243,7 @@ function net.ipv4_hints(callback) else local rv = { } _nethints(2, function(mac, v4, v6, name) - name = name or nixio.getnameinfo(v4, nil, 100) or mac + name = name or mac if name and name ~= v4 then rv[#rv+1] = { v4, name } end @@ -278,7 +257,7 @@ end function net.ipv6_hints(callback) if callback then _nethints(3, function(mac, v4, v6, name) - name = name or nixio.getnameinfo(v6, nil, 100) or mac + name = name or mac if name and name ~= v6 then callback(v6, name) end @@ -286,7 +265,7 @@ function net.ipv6_hints(callback) else local rv = { } _nethints(3, function(mac, v4, v6, name) - name = name or nixio.getnameinfo(v6, nil, 100) or mac + name = name or mac if name and name ~= v6 then rv[#rv+1] = { v6, name } end @@ -378,145 +357,6 @@ function net.devices() end -function net.deviceinfo() - local devs = {} - for k, v in ipairs(nixio.getifaddrs()) do - if v.family == "packet" then - local d = v.data - d[1] = d.rx_bytes - d[2] = d.rx_packets - d[3] = d.rx_errors - d[4] = d.rx_dropped - d[5] = 0 - d[6] = 0 - d[7] = 0 - d[8] = d.multicast - d[9] = d.tx_bytes - d[10] = d.tx_packets - d[11] = d.tx_errors - d[12] = d.tx_dropped - d[13] = 0 - d[14] = d.collisions - d[15] = 0 - d[16] = 0 - devs[v.name] = d - end - end - return devs -end - - --- The following fields are defined for route entry tables: --- { "dest", "gateway", "metric", "refcount", "usecount", "irtt", --- "flags", "device" } -function net.routes(callback) - local routes = { } - - for line in io.lines("/proc/net/route") do - - local dev, dst_ip, gateway, flags, refcnt, usecnt, metric, - dst_mask, mtu, win, irtt = line:match( - "([^%s]+)\t([A-F0-9]+)\t([A-F0-9]+)\t([A-F0-9]+)\t" .. - "(%d+)\t(%d+)\t(%d+)\t([A-F0-9]+)\t(%d+)\t(%d+)\t(%d+)" - ) - - if dev then - gateway = luci.ip.Hex( gateway, 32, luci.ip.FAMILY_INET4 ) - dst_mask = luci.ip.Hex( dst_mask, 32, luci.ip.FAMILY_INET4 ) - dst_ip = luci.ip.Hex( - dst_ip, dst_mask:prefix(dst_mask), luci.ip.FAMILY_INET4 - ) - - local rt = { - dest = dst_ip, - gateway = gateway, - metric = tonumber(metric), - refcount = tonumber(refcnt), - usecount = tonumber(usecnt), - mtu = tonumber(mtu), - window = tonumber(window), - irtt = tonumber(irtt), - flags = tonumber(flags, 16), - device = dev - } - - if callback then - callback(rt) - else - routes[#routes+1] = rt - end - end - end - - return routes -end - --- The following fields are defined for route entry tables: --- { "source", "dest", "nexthop", "metric", "refcount", "usecount", --- "flags", "device" } -function net.routes6(callback) - if fs.access("/proc/net/ipv6_route", "r") then - local routes = { } - - for line in io.lines("/proc/net/ipv6_route") do - - local dst_ip, dst_prefix, src_ip, src_prefix, nexthop, - metric, refcnt, usecnt, flags, dev = line:match( - "([a-f0-9]+) ([a-f0-9]+) " .. - "([a-f0-9]+) ([a-f0-9]+) " .. - "([a-f0-9]+) ([a-f0-9]+) " .. - "([a-f0-9]+) ([a-f0-9]+) " .. - "([a-f0-9]+) +([^%s]+)" - ) - - if dst_ip and dst_prefix and - src_ip and src_prefix and - nexthop and metric and - refcnt and usecnt and - flags and dev - then - src_ip = luci.ip.Hex( - src_ip, tonumber(src_prefix, 16), luci.ip.FAMILY_INET6, false - ) - - dst_ip = luci.ip.Hex( - dst_ip, tonumber(dst_prefix, 16), luci.ip.FAMILY_INET6, false - ) - - nexthop = luci.ip.Hex( nexthop, 128, luci.ip.FAMILY_INET6, false ) - - local rt = { - source = src_ip, - dest = dst_ip, - nexthop = nexthop, - metric = tonumber(metric, 16), - refcount = tonumber(refcnt, 16), - usecount = tonumber(usecnt, 16), - flags = tonumber(flags, 16), - device = dev, - - -- lua number is too small for storing the metric - -- add a metric_raw field with the original content - metric_raw = metric - } - - if callback then - callback(rt) - else - routes[#routes+1] = rt - end - end - end - - return routes - end -end - -function net.pingtest(host) - return os.execute("ping -c1 '"..host:gsub("'", '').."' >/dev/null 2>&1") -end - - process = {} function process.info(key) |