* Replaced luafilesystem with luaposix library
* Introduced privilege dropping capability
* Automatically drop privileges for the "public" category to "nobody/nogroup" (as defined in ffluci.uci)
parent
cdb0b2f0bf
commit
1c6c6d62ca
13 changed files with 93 additions and 38 deletions
6
Makefile
6
Makefile
|
@ -4,9 +4,9 @@ LUAC_OPTIONS = -s
|
|||
FILES =
|
||||
|
||||
CFILES = ffluci/util.lua ffluci/http.lua ffluci/fs.lua \
|
||||
ffluci/model/uci.lua ffluci/config.lua ffluci/i18n.lua \
|
||||
ffluci/template.lua ffluci/cbi.lua ffluci/dispatcher.lua \
|
||||
ffluci/menu.lua ffluci/init.lua ffluci/sys.lua
|
||||
ffluci/sys.lua ffluci/model/uci.lua ffluci/config.lua \
|
||||
ffluci/i18n.lua ffluci/template.lua ffluci/cbi.lua \
|
||||
ffluci/dispatcher.lua ffluci/menu.lua ffluci/init.lua
|
||||
|
||||
DIRECTORIES = dist/ffluci/model/cbi dist/ffluci/controller dist/ffluci/i18n dist/ffluci/view
|
||||
|
||||
|
|
|
@ -2,6 +2,8 @@ config core main
|
|||
option lang de
|
||||
option mediaurlbase /ffluci/media
|
||||
|
||||
config core category_privileges
|
||||
option public nobody:nogroup
|
||||
|
||||
config public contact
|
||||
option nickname
|
||||
|
|
|
@ -15,7 +15,7 @@ define Package/ffluci
|
|||
SECTION:=admin
|
||||
CATEGORY:=Administration
|
||||
TITLE:=FFLuCI
|
||||
DEPENDS:=+liblua +luafilesystem +haserl
|
||||
DEPENDS:=+liblua +luaposix +haserl
|
||||
MAINTAINER:=Steven Barth <steven-at-midlink-dot-org>
|
||||
endef
|
||||
|
||||
|
|
|
@ -1,23 +1,23 @@
|
|||
include $(TOPDIR)/rules.mk
|
||||
|
||||
PKG_NAME:=luafilesystem
|
||||
PKG_VERSION:=1.4.0
|
||||
PKG_NAME:=luaposix
|
||||
PKG_VERSION:=5.1.2
|
||||
PKG_RELEASE:=1
|
||||
|
||||
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
|
||||
PKG_SOURCE_URL:=http://luaforge.net/frs/download.php/3158
|
||||
PKG_MD5SUM:=6f3d247f27820b8f045431ad81bcd3ad
|
||||
PKG_SOURCE_URL:=http://luaforge.net/frs/download.php/3063
|
||||
PKG_MD5SUM:=31deeb4add91f76b3c2d36aae2888d81
|
||||
|
||||
PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
|
||||
PKG_INSTALL_DIR:=$(PKG_BUILD_DIR)/ipkg-install
|
||||
|
||||
include $(INCLUDE_DIR)/package.mk
|
||||
|
||||
define Package/luafilesystem
|
||||
define Package/luaposix
|
||||
SECTION:=lib
|
||||
CATEGORY:=Libraries
|
||||
TITLE:=Lua FS library
|
||||
URL:=http://www.keplerproject.org/luafilesystem/
|
||||
TITLE:=Lua Posix library
|
||||
URL:=http://luaforge.net/projects/luaposix/
|
||||
DEPENDS:=+liblua
|
||||
MAINTAINER:=Steven Barth <steven-at-midlink-dot-org>
|
||||
endef
|
||||
|
@ -32,13 +32,13 @@ define Build/Compile
|
|||
AR="$(TARGET_CROSS)ar rcu" \
|
||||
RANLIB="$(TARGET_CROSS)ranlib" \
|
||||
INSTALL_ROOT=/usr \
|
||||
LUA_INC=$(STAGING_DIR)/usr/include
|
||||
LUAINC=$(STAGING_DIR)/usr/include
|
||||
endef
|
||||
|
||||
define Package/luafilesystem/install
|
||||
define Package/luaposix/install
|
||||
$(INSTALL_DIR) $(1)/usr/lib/lua
|
||||
$(STRIP) $(PKG_BUILD_DIR)/src/lfs.so
|
||||
$(INSTALL_BIN) $(PKG_BUILD_DIR)/src/lfs.so $(1)/usr/lib/lua
|
||||
$(STRIP) $(PKG_BUILD_DIR)/posix.so
|
||||
$(INSTALL_BIN) $(PKG_BUILD_DIR)/posix.so $(1)/usr/lib/lua
|
||||
endef
|
||||
|
||||
$(eval $(call BuildPackage,luafilesystem))
|
||||
$(eval $(call BuildPackage,luaposix))
|
|
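Review bot: The source tarball is fetched over plain `http://` and verified only with `PKG_MD5SUM`, so the integrity of the library that now performs the privilege drop rests on an MD5 digest, which no longer resists deliberate collisions. Where the build system offers a stronger digest field (newer OpenWrt trees use `PKG_HASH` with SHA-256), pin that instead and prefer an HTTPS mirror. The luafilesystem package this replaces was pinned the same way, so this is inherited rather than introduced here.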
@ -39,7 +39,7 @@ function load(cbimap)
|
|||
require("ffluci.fs")
|
||||
require("ffluci.i18n")
|
||||
|
||||
local cbidir = ffluci.fs.dirname(ffluci.util.__file__()) .. "model/cbi/"
|
||||
local cbidir = ffluci.fs.dirname(ffluci.util.__file__()) .. "/model/cbi/"
|
||||
local func, err = loadfile(cbidir..cbimap..".lua")
|
||||
|
||||
if not func then
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
module("ffluci.controller.admin.system", package.seeall)
|
||||
|
||||
require("ffluci.util")
|
||||
require("ffluci.sys")
|
||||
require("ffluci.http")
|
||||
|
||||
menu = {
|
||||
|
@ -18,8 +18,7 @@ function action_passwd()
|
|||
local cm
|
||||
|
||||
if p1 or p2 then
|
||||
cm = "(echo '"..p1.."';sleep 1;echo '"..p2.."') | passwd root 2>&1"
|
||||
msg = ffluci.util.exec(cm)
|
||||
msg = ffluci.sys.user.setpasswd("root", p1, p2)
|
||||
end
|
||||
|
||||
ffluci.template.render("admin_system/passwd", {msg=msg})
|
||||
|
|
|
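Review bot: The guard `if p1 or p2 then` lets a request that carries only one of the two fields reach `ffluci.sys.user.setpasswd`, which concatenates both values into a command string and will raise on the nil one; `if p1 and p2 then` limits the call to complete submissions. `local cm` above the block is no longer used after this change and can go. The assignments of `p1` and `p2` are outside the hunk, so their origin is not visible here.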
@ -84,8 +84,20 @@ limitations under the License.
|
|||
module("ffluci.dispatcher", package.seeall)
|
||||
require("ffluci.http")
|
||||
require("ffluci.template")
|
||||
require("ffluci.config")
|
||||
require("ffluci.sys")
|
||||
|
||||
|
||||
-- Sets privilege for given category
|
||||
function assign_privileges(category)
|
||||
local cp = ffluci.config.category_privileges
|
||||
if cp and cp[category] then
|
||||
local u, g = cp[category]:match("([^:]+):([^:]+)")
|
||||
ffluci.sys.process.setuser(u)
|
||||
ffluci.sys.process.setgroup(g)
|
||||
end
|
||||
end
|
||||
|
||||
-- Dispatches the "request"
|
||||
function dispatch(req)
|
||||
request = req
|
||||
|
@ -137,6 +149,7 @@ function httpdispatch()
|
|||
local mod = sanitize(parts(), "index")
|
||||
local act = sanitize(parts(), "index")
|
||||
|
||||
assign_privileges(cat)
|
||||
dispatch({category=cat, module=mod, action=act})
|
||||
end
|
||||
|
||||
|
|
|
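Review bot: In `assign_privileges` the privilege drop can fail or apply only partly without anyone noticing, and `httpdispatch` calls `dispatch` regardless. The calls pass one argument (`setuser(u)`, `setgroup(g)`) while the wrappers this commit adds to ffluci.sys are declared as `process.setuser(pid, uid)` and `process.setgroup(pid, gid)`, so the name lands in `pid` and the id is nil. The uid is also changed before the gid, after which an unprivileged process normally can no longer change its group, and neither the return values nor a failed `match` (nil `u`/`g`) is checked. I would set the group first, make the arguments agree with the wrapper signatures, and abort the request when any step fails, as sketched below on the assumption that the wrappers return a false value on failure. Supplementary groups are not handled by either version.

```lua
function assign_privileges(category)
	-- … unchanged: category_privileges lookup and the "user:group" match …
		-- Fail closed: a malformed entry must not leave the request privileged
		if not (u and g) then
			error("invalid category_privileges entry for " .. category)
		end
		-- Group before user: once the uid is dropped the gid can no longer be changed.
		-- Arguments must agree with the wrapper signatures in ffluci.sys.
		if not ffluci.sys.process.setgroup(g) or not ffluci.sys.process.setuser(u) then
			error("could not drop privileges for " .. category)
		end
```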
@ -26,7 +26,7 @@ limitations under the License.
|
|||
|
||||
module("ffluci.fs", package.seeall)
|
||||
|
||||
require("lfs")
|
||||
require("posix")
|
||||
|
||||
-- Checks whether a file exists
|
||||
function isfile(filename)
|
||||
|
@ -80,26 +80,28 @@ end
|
|||
|
||||
-- Returns the file modification date/time of "path"
|
||||
function mtime(path)
|
||||
return lfs.attributes(path, "modification")
|
||||
return posix.stat(path, "mtime")
|
||||
end
|
||||
|
||||
-- Simplified dirname function
|
||||
function dirname(file)
|
||||
return string.gsub(file, "[^/]+$", "")
|
||||
-- basename wrapper
|
||||
function basename(path)
|
||||
return posix.basename(path)
|
||||
end
|
||||
|
||||
-- dirname wrapper
|
||||
function dirname(path)
|
||||
return posix.dirname(path)
|
||||
end
|
||||
|
||||
-- Diriterator - alias for lfs.dir - filter . and ..
|
||||
function dir(path)
|
||||
local e = {}
|
||||
for entry in lfs.dir(path) do
|
||||
if not(entry == "." or entry == "..") then
|
||||
table.insert(e, entry)
|
||||
end
|
||||
end
|
||||
local e = posix.dir(path)
|
||||
table.remove(e, 1)
|
||||
table.remove(e, 1)
|
||||
return e
|
||||
end
|
||||
|
||||
-- Alias for lfs.mkdir
|
||||
function mkdir(...)
|
||||
return lfs.mkdir(...)
|
||||
return posix.mkdir(...)
|
||||
end
|
|
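Review bot: `dir` now removes the first two elements of `posix.dir(path)` on the assumption that they are `.` and `..`, but directory listing order is not guaranteed, so a real entry can be dropped while `.` or `..` stays in the result. The old loop filtered by name; keeping that filter over the new list avoids this. It also gives a place to handle a failed `posix.dir` (missing or unreadable path), which presumably returns nil and would make `table.remove` raise. The comments `Diriterator - alias for lfs.dir` and `Alias for lfs.mkdir` still name the old library.

```lua
function dir(path)
	local e = {}
	-- Filter by name: listing order does not promise "." and ".." come first
	for _, entry in ipairs(posix.dir(path) or {}) do
		if entry ~= "." and entry ~= ".." then
			table.insert(e, entry)
		end
	end
	return e
end
```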
@ -31,7 +31,7 @@ require("ffluci.util")
|
|||
require("ffluci.config")
|
||||
|
||||
table = {}
|
||||
i18ndir = ffluci.fs.dirname(ffluci.util.__file__()) .. "i18n/"
|
||||
i18ndir = ffluci.fs.dirname(ffluci.util.__file__()) .. "/i18n/"
|
||||
|
||||
-- Clears the translation table
|
||||
function clear()
|
||||
|
|
|
@ -29,8 +29,8 @@ require("ffluci.fs")
|
|||
require("ffluci.util")
|
||||
require("ffluci.template")
|
||||
|
||||
ctrldir = ffluci.fs.dirname(ffluci.util.__file__()) .. "controller/"
|
||||
modelpath = ffluci.fs.dirname(ffluci.util.__file__()) .. "model/menudata.lua"
|
||||
ctrldir = ffluci.fs.dirname(ffluci.util.__file__()) .. "/controller/"
|
||||
modelpath = ffluci.fs.dirname(ffluci.util.__file__()) .. "/model/menudata.lua"
|
||||
|
||||
-- Cache menudata into a Luafile instead of recollecting it at every pageload
|
||||
-- Warning: Make sure the menudata cache gets deleted everytime you update
|
||||
|
|
|
@ -25,7 +25,7 @@ limitations under the License.
|
|||
]]--
|
||||
|
||||
module("ffluci.sys", package.seeall)
|
||||
require("ffluci.fs")
|
||||
require("posix")
|
||||
|
||||
-- Returns the hostname
|
||||
function hostname()
|
||||
|
@ -38,11 +38,40 @@ function loadavg()
|
|||
return loadavg:match("^(.-) (.-) (.-) (.-) (.-)$")
|
||||
end
|
||||
|
||||
|
||||
group = {}
|
||||
group.getgroup = posix.getgroup
|
||||
|
||||
net = {}
|
||||
-- Returns all available network interfaces
|
||||
function net_devices()
|
||||
function net.devices()
|
||||
local devices = {}
|
||||
for line in io.lines("/proc/net/dev") do
|
||||
table.insert(devices, line:match(" *(.-):"))
|
||||
end
|
||||
return devices
|
||||
end
|
||||
|
||||
process = {}
|
||||
process.info = posix.getpid
|
||||
|
||||
-- Sets the gid of a process
|
||||
function process.setgroup(pid, gid)
|
||||
return posix.setpid("g", pid, gid)
|
||||
end
|
||||
|
||||
-- Sets the uid of a process
|
||||
function process.setuser(pid, uid)
|
||||
return posix.setpid("u", pid, uid)
|
||||
end
|
||||
|
||||
user = {}
|
||||
-- returns user information to a given uid
|
||||
user.getuser = posix.getpasswd
|
||||
|
||||
-- Changes the user password of given user
|
||||
function user.setpasswd(user, pwd1, pwd2)
|
||||
local cmd = "(echo '"..pwd1.."';sleep 1;echo '"..pwd2.."')|"
|
||||
cmd = cmd .. "passwd "..user.." 2>&1"
|
||||
return ffluci.util.exec(cmd)
|
||||
end
|
|
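Review bot: `user.setpasswd` builds a shell command by concatenating `pwd1`, `pwd2` and `user` between literal quotes, so a value containing `'` ends the quoting and the remainder is interpreted by whatever shell `ffluci.util.exec` starts (its body is not shown), with the privileges of the web process. This is the string the commit moved out of `action_passwd`, unchanged in substance, and the passwords also end up on a command line. Quote every value before it is concatenated, as sketched below, or hand the passwords to `passwd` without building a shell command line at all.

```lua
-- Quotes a value so the shell treats it as one literal word
local function shellquote(value)
	return "'" .. tostring(value):gsub("'", "'\\''") .. "'"
end

function user.setpasswd(user, pwd1, pwd2)
	local cmd = "(echo "..shellquote(pwd1)..";sleep 1;echo "..shellquote(pwd2)..")|"
	cmd = cmd .. "passwd "..shellquote(user).." 2>&1"
	return ffluci.util.exec(cmd)
end
```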
@ -31,7 +31,7 @@ require("ffluci.fs")
|
|||
require("ffluci.i18n")
|
||||
require("ffluci.model.uci")
|
||||
|
||||
viewdir = ffluci.fs.dirname(ffluci.util.__file__()) .. "view/"
|
||||
viewdir = ffluci.fs.dirname(ffluci.util.__file__()) .. "/view/"
|
||||
|
||||
|
||||
-- Compile modes:
|
||||
|
|
|
@ -150,6 +150,16 @@ function instanceof(object, class)
|
|||
end
|
||||
|
||||
|
||||
-- Creates valid XML PCDATA from a string
|
||||
function pcdata(value)
|
||||
value = value:gsub("&", "&")
|
||||
value = value:gsub('"', """)
|
||||
value = value:gsub("'", "'")
|
||||
value = value:gsub("<", "<")
|
||||
return value:gsub(">", ">")
|
||||
end
|
||||
|
||||
|
||||
-- Resets the scope of f doing a shallow copy of its scope into a new table
|
||||
function resfenv(f)
|
||||
setfenv(f, clone(getfenv(f)))
|
||||
|
|
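Review bot: `pcdata` ends with `return value:gsub(">", …)`, and `gsub` returns the string plus the substitution count, so a caller that uses the call as the last argument or inside a table constructor receives an extra number; wrapping the call in parentheses, `return (value:gsub(...))`, keeps it to the string. The function also indexes `value` directly, so a nil or numeric argument raises instead of being escaped, which is worth guarding since this helper sits on the output path of templates. The entity strings in the replacements appear to have been decoded by this page's rendering, so the replacement text itself cannot be checked here.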