summaryrefslogtreecommitdiffhomepage
path: root/modules/luci-base
diff options
context:
space:
mode:
Diffstat (limited to 'modules/luci-base')
-rw-r--r--modules/luci-base/luasrc/dispatcher.lua157
-rw-r--r--modules/luci-base/luasrc/sys.lua204
2 files changed, 105 insertions, 256 deletions
diff --git a/modules/luci-base/luasrc/dispatcher.lua b/modules/luci-base/luasrc/dispatcher.lua
index 0bd19456f..1b684aa79 100644
--- a/modules/luci-base/luasrc/dispatcher.lua
+++ b/modules/luci-base/luasrc/dispatcher.lua
@@ -14,8 +14,6 @@ uci = require "luci.model.uci"
i18n = require "luci.i18n"
_M.fs = fs
-authenticator = {}
-
-- Index table
local index = nil
@@ -101,24 +99,6 @@ function error500(message)
return false
end
-function authenticator.htmlauth(validator, accs, default, template)
- local user = http.formvalue("luci_username")
- local pass = http.formvalue("luci_password")
-
- if user and validator(user, pass) then
- return user
- end
-
- require("luci.i18n")
- require("luci.template")
- context.path = {}
- http.status(403, "Forbidden")
- luci.template.render(template or "sysauth", {duser=default, fuser=user})
-
- return false
-
-end
-
function httpdispatch(request, prefix)
http.context.request = request
@@ -188,6 +168,44 @@ function test_post_security()
return true
end
+local function session_retrieve(sid, allowed_users)
+ local sdat = util.ubus("session", "get", { ubus_rpc_session = sid })
+
+ if type(sdat) == "table" and
+ type(sdat.values) == "table" and
+ type(sdat.values.token) == "string" and
+ (not allowed_users or
+ util.contains(allowed_users, sdat.values.username))
+ then
+ return sid, sdat.values
+ end
+
+ return nil, nil
+end
+
+local function session_setup(user, pass, allowed_users)
+ if util.contains(allowed_users, user) then
+ local login = util.ubus("session", "login", {
+ username = user,
+ password = pass,
+ timeout = tonumber(luci.config.sauth.sessiontime)
+ })
+
+ if type(login) == "table" and
+ type(login.ubus_rpc_session) == "string"
+ then
+ util.ubus("session", "set", {
+ ubus_rpc_session = login.ubus_rpc_session,
+ values = { token = sys.uniqueid(16) }
+ })
+
+ return session_retrieve(login.ubus_rpc_session)
+ end
+ end
+
+ return nil, nil
+end
+
function dispatch(request)
--context._disable_memtrace = require "luci.debug".trap_memtrace("l")
local ctx = context
@@ -332,74 +350,65 @@ function dispatch(request)
)
if track.sysauth then
- local authen = type(track.sysauth_authenticator) == "function"
- and track.sysauth_authenticator
- or authenticator[track.sysauth_authenticator]
+ local authen = track.sysauth_authenticator
+ local _, sid, sdat, default_user, allowed_users
- local def = (type(track.sysauth) == "string") and track.sysauth
- local accs = def and {track.sysauth} or track.sysauth
- local sess = ctx.authsession
- if not sess then
- sess = http.getcookie("sysauth")
- sess = sess and sess:match("^[a-f0-9]*$")
+ if type(authen) == "string" and authen ~= "htmlauth" then
+ error500("Unsupported authenticator %q configured" % authen)
+ return
end
- local sdat = (util.ubus("session", "get", { ubus_rpc_session = sess }) or { }).values
- local user, token
+ if type(track.sysauth) == "table" then
+ default_user, allowed_users = nil, track.sysauth
+ else
+ default_user, allowed_users = track.sysauth, { track.sysauth }
+ end
- if sdat then
- user = sdat.user
- token = sdat.token
+ if type(authen) == "function" then
+ _, sid = authen(sys.user.checkpasswd, allowed_users)
else
- local eu = http.getenv("HTTP_AUTH_USER")
- local ep = http.getenv("HTTP_AUTH_PASS")
- if eu and ep and sys.user.checkpasswd(eu, ep) then
- authen = function() return eu end
- end
+ sid = http.getcookie("sysauth")
end
- if not util.contains(accs, user) then
- if authen then
- local user, sess = authen(sys.user.checkpasswd, accs, def, track.sysauth_template)
- local token
- if not user or not util.contains(accs, user) then
- return
- else
- if not sess then
- local sdat = util.ubus("session", "create", { timeout = tonumber(luci.config.sauth.sessiontime) })
- if sdat then
- token = sys.uniqueid(16)
- util.ubus("session", "set", {
- ubus_rpc_session = sdat.ubus_rpc_session,
- values = {
- user = user,
- token = token,
- section = sys.uniqueid(16)
- }
- })
- sess = sdat.ubus_rpc_session
- end
- end
+ sid, sdat = session_retrieve(sid, allowed_users)
- if sess and token then
- http.header("Set-Cookie", 'sysauth=%s; path=%s' %{ sess, build_url() })
+ if not (sid and sdat) and authen == "htmlauth" then
+ local user = http.getenv("HTTP_AUTH_USER")
+ local pass = http.getenv("HTTP_AUTH_PASS")
- ctx.authsession = sess
- ctx.authtoken = token
- ctx.authuser = user
+ if user == nil and pass == nil then
+ user = http.formvalue("luci_username")
+ pass = http.formvalue("luci_password")
+ end
+
+ sid, sdat = session_setup(user, pass, allowed_users)
+
+ if not sid then
+ local tmpl = require "luci.template"
+
+ context.path = {}
- http.redirect(build_url(unpack(ctx.requestpath)))
- end
- end
- else
http.status(403, "Forbidden")
+ tmpl.render(track.sysauth_template or "sysauth", {
+ duser = default_user,
+ fuser = user
+ })
+
return
end
- else
- ctx.authsession = sess
- ctx.authtoken = token
- ctx.authuser = user
+
+ http.header("Set-Cookie", 'sysauth=%s; path=%s' %{ sid, build_url() })
+ http.redirect(build_url(unpack(ctx.requestpath)))
end
+
+ if not sid or not sdat then
+ http.status(403, "Forbidden")
+ return
+ end
+
+ ctx.authsession = sid
+ ctx.authtoken = sdat.token
+ ctx.authuser = sdat.username
end
if c and require_post_security(c.target) then
diff --git a/modules/luci-base/luasrc/sys.lua b/modules/luci-base/luasrc/sys.lua
index a97271732..99f3ee291 100644
--- a/modules/luci-base/luasrc/sys.lua
+++ b/modules/luci-base/luasrc/sys.lua
@@ -117,45 +117,12 @@ end
net = {}
--- The following fields are defined for arp entry objects:
--- { "IP address", "HW address", "HW type", "Flags", "Mask", "Device" }
-function net.arptable(callback)
- local arp = (not callback) and {} or nil
- local e, r, v
- if fs.access("/proc/net/arp") then
- for e in io.lines("/proc/net/arp") do
- local r = { }, v
- for v in e:gmatch("%S+") do
- r[#r+1] = v
- end
-
- if r[1] ~= "IP" then
- local x = {
- ["IP address"] = r[1],
- ["HW type"] = r[2],
- ["Flags"] = r[3],
- ["HW address"] = r[4],
- ["Mask"] = r[5],
- ["Device"] = r[6]
- }
-
- if callback then
- callback(x)
- else
- arp = arp or { }
- arp[#arp+1] = x
- end
- end
- end
- end
- return arp
-end
-
local function _nethints(what, callback)
local _, k, e, mac, ip, name
local cur = uci.cursor()
local ifn = { }
local hosts = { }
+ local lookup = { }
local function _add(i, ...)
local k = select(i, ...)
@@ -224,8 +191,20 @@ local function _nethints(what, callback)
end
end
+ for _, e in pairs(hosts) do
+ lookup[#lookup+1] = (what > 1) and e[what] or (e[2] or e[3])
+ end
+
+ if #lookup > 0 then
+ lookup = luci.util.ubus("network.rrdns", "lookup", {
+ addrs = lookup,
+ timeout = 250,
+ limit = 1000
+ }) or { }
+ end
+
for _, e in luci.util.kspairs(hosts) do
- callback(e[1], e[2], e[3], e[4])
+ callback(e[1], e[2], e[3], lookup[e[2]] or lookup[e[3]] or e[4])
end
end
@@ -234,17 +213,17 @@ end
function net.mac_hints(callback)
if callback then
_nethints(1, function(mac, v4, v6, name)
- name = name or nixio.getnameinfo(v4 or v6, nil, 100) or v4
+ name = name or v4
if name and name ~= mac then
- callback(mac, name or nixio.getnameinfo(v4 or v6, nil, 100) or v4)
+ callback(mac, name or v4)
end
end)
else
local rv = { }
_nethints(1, function(mac, v4, v6, name)
- name = name or nixio.getnameinfo(v4 or v6, nil, 100) or v4
+ name = name or v4
if name and name ~= mac then
- rv[#rv+1] = { mac, name or nixio.getnameinfo(v4 or v6, nil, 100) or v4 }
+ rv[#rv+1] = { mac, name or v4 }
end
end)
return rv
@@ -256,7 +235,7 @@ end
function net.ipv4_hints(callback)
if callback then
_nethints(2, function(mac, v4, v6, name)
- name = name or nixio.getnameinfo(v4, nil, 100) or mac
+ name = name or mac
if name and name ~= v4 then
callback(v4, name)
end
@@ -264,7 +243,7 @@ function net.ipv4_hints(callback)
else
local rv = { }
_nethints(2, function(mac, v4, v6, name)
- name = name or nixio.getnameinfo(v4, nil, 100) or mac
+ name = name or mac
if name and name ~= v4 then
rv[#rv+1] = { v4, name }
end
@@ -278,7 +257,7 @@ end
function net.ipv6_hints(callback)
if callback then
_nethints(3, function(mac, v4, v6, name)
- name = name or nixio.getnameinfo(v6, nil, 100) or mac
+ name = name or mac
if name and name ~= v6 then
callback(v6, name)
end
@@ -286,7 +265,7 @@ function net.ipv6_hints(callback)
else
local rv = { }
_nethints(3, function(mac, v4, v6, name)
- name = name or nixio.getnameinfo(v6, nil, 100) or mac
+ name = name or mac
if name and name ~= v6 then
rv[#rv+1] = { v6, name }
end
@@ -378,145 +357,6 @@ function net.devices()
end
-function net.deviceinfo()
- local devs = {}
- for k, v in ipairs(nixio.getifaddrs()) do
- if v.family == "packet" then
- local d = v.data
- d[1] = d.rx_bytes
- d[2] = d.rx_packets
- d[3] = d.rx_errors
- d[4] = d.rx_dropped
- d[5] = 0
- d[6] = 0
- d[7] = 0
- d[8] = d.multicast
- d[9] = d.tx_bytes
- d[10] = d.tx_packets
- d[11] = d.tx_errors
- d[12] = d.tx_dropped
- d[13] = 0
- d[14] = d.collisions
- d[15] = 0
- d[16] = 0
- devs[v.name] = d
- end
- end
- return devs
-end
-
-
--- The following fields are defined for route entry tables:
--- { "dest", "gateway", "metric", "refcount", "usecount", "irtt",
--- "flags", "device" }
-function net.routes(callback)
- local routes = { }
-
- for line in io.lines("/proc/net/route") do
-
- local dev, dst_ip, gateway, flags, refcnt, usecnt, metric,
- dst_mask, mtu, win, irtt = line:match(
- "([^%s]+)\t([A-F0-9]+)\t([A-F0-9]+)\t([A-F0-9]+)\t" ..
- "(%d+)\t(%d+)\t(%d+)\t([A-F0-9]+)\t(%d+)\t(%d+)\t(%d+)"
- )
-
- if dev then
- gateway = luci.ip.Hex( gateway, 32, luci.ip.FAMILY_INET4 )
- dst_mask = luci.ip.Hex( dst_mask, 32, luci.ip.FAMILY_INET4 )
- dst_ip = luci.ip.Hex(
- dst_ip, dst_mask:prefix(dst_mask), luci.ip.FAMILY_INET4
- )
-
- local rt = {
- dest = dst_ip,
- gateway = gateway,
- metric = tonumber(metric),
- refcount = tonumber(refcnt),
- usecount = tonumber(usecnt),
- mtu = tonumber(mtu),
- window = tonumber(window),
- irtt = tonumber(irtt),
- flags = tonumber(flags, 16),
- device = dev
- }
-
- if callback then
- callback(rt)
- else
- routes[#routes+1] = rt
- end
- end
- end
-
- return routes
-end
-
--- The following fields are defined for route entry tables:
--- { "source", "dest", "nexthop", "metric", "refcount", "usecount",
--- "flags", "device" }
-function net.routes6(callback)
- if fs.access("/proc/net/ipv6_route", "r") then
- local routes = { }
-
- for line in io.lines("/proc/net/ipv6_route") do
-
- local dst_ip, dst_prefix, src_ip, src_prefix, nexthop,
- metric, refcnt, usecnt, flags, dev = line:match(
- "([a-f0-9]+) ([a-f0-9]+) " ..
- "([a-f0-9]+) ([a-f0-9]+) " ..
- "([a-f0-9]+) ([a-f0-9]+) " ..
- "([a-f0-9]+) ([a-f0-9]+) " ..
- "([a-f0-9]+) +([^%s]+)"
- )
-
- if dst_ip and dst_prefix and
- src_ip and src_prefix and
- nexthop and metric and
- refcnt and usecnt and
- flags and dev
- then
- src_ip = luci.ip.Hex(
- src_ip, tonumber(src_prefix, 16), luci.ip.FAMILY_INET6, false
- )
-
- dst_ip = luci.ip.Hex(
- dst_ip, tonumber(dst_prefix, 16), luci.ip.FAMILY_INET6, false
- )
-
- nexthop = luci.ip.Hex( nexthop, 128, luci.ip.FAMILY_INET6, false )
-
- local rt = {
- source = src_ip,
- dest = dst_ip,
- nexthop = nexthop,
- metric = tonumber(metric, 16),
- refcount = tonumber(refcnt, 16),
- usecount = tonumber(usecnt, 16),
- flags = tonumber(flags, 16),
- device = dev,
-
- -- lua number is too small for storing the metric
- -- add a metric_raw field with the original content
- metric_raw = metric
- }
-
- if callback then
- callback(rt)
- else
- routes[#routes+1] = rt
- end
- end
- end
-
- return routes
- end
-end
-
-function net.pingtest(host)
- return os.execute("ping -c1 '"..host:gsub("'", '').."' >/dev/null 2>&1")
-end
-
-
process = {}
function process.info(key)