diff options
| author | Nathan Angelacos <nangel@tetrasec.net> | 2008-11-09 00:27:32 +0000 |
|---|---|---|
| committer | Nathan Angelacos <nangel@tetrasec.net> | 2008-11-09 00:27:32 +0000 |
| commit | 95e743197047cc4c2550563ea8ef323c9b1230fd (patch) | |
| tree | ef2f16f60fd30b3bdd405a177aa3ff3e3125556e | |
| parent | 004f2adfc85bed299c762e019120732fe90d597d (diff) | |
| download | acf-core-95e743197047cc4c2550563ea8ef323c9b1230fd.tar.bz2 acf-core-95e743197047cc4c2550563ea8ef323c9b1230fd.tar.xz | |
per-controller auditing now allowed via acf-hooks.lua
git-svn-id: svn://svn.alpinelinux.org/acf/core/trunk@1582 ab2d0c66-481e-0410-8bed-d214d4d58bed
| -rw-r--r-- | acf-hooks.lua | 15 | ||||
| -rw-r--r-- | acf.conf | 6 | ||||
| -rw-r--r-- | lib/modelfunctions.lua | 34 | ||||
| -rwxr-xr-x | www/cgi-bin/mvc.lua | 14 |
4 files changed, 59 insertions, 10 deletions
diff --git a/acf-hooks.lua b/acf-hooks.lua new file mode 100644 index 0000000..203733a --- /dev/null +++ b/acf-hooks.lua @@ -0,0 +1,15 @@ +-- This file is loaded into self.conf.app_hooks as lua source code +-- The purpose is to add user-specified hooks into the acf code + +-- or functions. For functions, three variables are passed: +-- self, CONFFILE, and TEMPFILE + +--[[ This is commented out example code.. + +tinydns={ + audit_precommit = function (self, CONFFILE, TEMPFILE) + os.execute("echo this is tinydns's precommit command >> /var/log/acf.log") + end + audit_postcommit = "echo 'this is the tinydns postcommit command.' >>/var/log/acf.log " +} +]]-- @@ -1,6 +1,5 @@ # Configuration file for Alpine Configuration Framework - # Directories where the application resides appdir=/usr/share/acf/app/ libdir=/usr/share/acf/lib/ @@ -16,11 +15,12 @@ skin=alps passfile=/etc/acf/passwd -# Auditing can be done before and/or after a commit -# if the controller supports it. +# Auditing can be done before and/or after a commit (controller permitting) # ${TEMPFILE} and ${CONFFILE} are used precommit # only ${CONFFILE} has any meaning postcommit #audit_precommit=diff -u ${CONFFILE} ${TEMPFILE} >>/var/log/${self.conf.controller}.log 2>/dev/null #audit_postcommit=echo ${self.sessiondata.userinfo.userid} made a change to ${CONFFILE} >>/var/log/acf.log +# For specific controller-based auditing, create acf-hooks.lua +# in this directory (see svn sources for an example) diff --git a/lib/modelfunctions.lua b/lib/modelfunctions.lua index d94db78..57897ad 100644 --- a/lib/modelfunctions.lua +++ b/lib/modelfunctions.lua @@ -106,7 +106,10 @@ function setfiledetails(filedetails, validatefilename, validatefiledetails) success, filedetails = validatefiledetails(filedetails) end if success then - fs.write_file(filedetails.value.filename.value, filedetails.value.filecontent.value) + --fs.write_file(filedetails.value.filename.value, filedetails.value.filecontent.value) + -- NBA - FIXME? we pass the global "APP" to write_file_with_audit because it needs self + -- is that correct? Is there a better way to do it? + write_file_with_audit( APP, filedetails.value.filename.value, filedetails.value.filecontent.value) filedetails = getfiledetails(filedetails.value.filename.value) else filedetails.errtxt = "Failed to set file" @@ -154,21 +157,38 @@ function write_file_with_audit (self, path, str) CONFFILE=path _G.self=self - pre = format.expand_bash_syntax_vars(self.conf.audit_precommit or "" ) - post = format.expand_bash_syntax_vars(self.conf.audit_postcommit or "") + pre = self.conf.audit_precommit or "" + post = self.conf.audit_postcommit or "" + + local m = self.conf.app_hooks[self.conf.controller] or {} + if m.audit_precommit then pre = m.audit_precommit end + if m.audit_postcommit then post = m.audit_postcommit end + m=nil + + if (type(pre) == "string") then + pre = format.expand_bash_syntax_vars(pre) + end + if type (post) == "string" then + post = format.expand_bash_syntax_vars(post) + end TEMPFILE,CONFFILE,_G.self = a,b,c end - + fs.write_file(tmpfile,str) - if #pre then + if (type(pre) == "string" and #pre) then os.execute(pre) + elseif (type(pre) == "function") then + pre(self, path, tmpfile) end os.rename (tmpfile, path) - - if #post then + + if (type(post) == "string" and #post) then os.execute(post) + elseif (type(post) == "function") then + post(self, path, tmpfile) end return + end diff --git a/www/cgi-bin/mvc.lua b/www/cgi-bin/mvc.lua index aef3547..4ded73d 100755 --- a/www/cgi-bin/mvc.lua +++ b/www/cgi-bin/mvc.lua @@ -260,6 +260,20 @@ read_config = function( self, appname ) break end end + + if (#self.conf.confdir) then -- check for an appname-hooks.lua file + self.conf.app_hooks = {} + setmetatable (self.conf.app_hooks, {__index = _G}) + + -- loadfile loads into the global environment + -- so we set env 0, not env 1 + setfenv (0, self.conf.app_hooks) + local f = loadfile(self.conf.confdir .. "/" .. appname.. "-hooks.lua") + if (f) then f() end + setfenv (0, _G) + -- setmetatable (self.conf.app_hooks, {}) + end + end -- parse a "URI" like string into a prefix, controller and action |