From 1c6c6d62ca665f9d1126b6bad849f7fd584b6a80 Mon Sep 17 00:00:00 2001
From: Steven Barth <steven@midlink.org>
Date: Sat, 29 Mar 2008 18:22:21 +0000
Subject: * Replaced luafilesystem with luaposix library * Introduced privilege
 dropping capability * Automatically drop privileges for "public" to
 "nobody/nogroup" (as defined in ffluci.uci)

---
 src/ffluci/dispatcher.lua | 13 +++++++++++++
 1 file changed, 13 insertions(+)

(limited to 'src/ffluci/dispatcher.lua')

diff --git a/src/ffluci/dispatcher.lua b/src/ffluci/dispatcher.lua
index 139b0e3083..b60a9beefa 100644
--- a/src/ffluci/dispatcher.lua
+++ b/src/ffluci/dispatcher.lua
@@ -84,8 +84,20 @@ limitations under the License.
 module("ffluci.dispatcher", package.seeall)
 require("ffluci.http")
 require("ffluci.template")
+require("ffluci.config")
+require("ffluci.sys")
 
 
+-- Sets privilege for given category
+function assign_privileges(category)
+	local cp = ffluci.config.category_privileges
+	if cp and cp[category] then
+		local u, g = cp[category]:match("([^:]+):([^:]+)")
+		ffluci.sys.process.setuser(u)
+		ffluci.sys.process.setgroup(g)
+	end
+end
+
 -- Dispatches the "request"
 function dispatch(req)
 	request = req
@@ -137,6 +149,7 @@ function httpdispatch()
 	local mod = sanitize(parts(), "index")
 	local act = sanitize(parts(), "index")
 	
+	assign_privileges(cat)
 	dispatch({category=cat, module=mod, action=act})
 end
 
-- 
cgit v1.2.3