author | Ted Trask <ttrask01@yahoo.com> | 2014-09-16 20:40:00 +0000 |
---|---|---|
committer | Ted Trask <ttrask01@yahoo.com> | 2014-09-16 20:40:00 +0000 |
commit | 7d25635f278549eaac801f78e320e714fe61bf06 (patch) | |
tree | 085dcf3ca805e3f569cb4e5feadc999e687d1b10 /freeradius3-model.lua | |
parent | 674ea5218b182cb7ba2ba84e9e143f7cf1dd1862 (diff) | |
Modify passwd actions to detect readonly files and prevent modification
If you edit the file with editfile, the permissions will be changed to readwrite, making the file editable
Diffstat (limited to 'freeradius3-model.lua')
-rw-r--r-- | freeradius3-model.lua | 25 |
1 files changed, 23 insertions, 2 deletions
diff --git a/freeradius3-model.lua b/freeradius3-model.lua
index 4ec9037..83764c7 100644
--- a/freeradius3-model.lua
+++ b/freeradius3-model.lua
@@ -181,6 +181,8 @@ local get_passwd_file = function(self, clientdata, readonly)
 if f == retval.value.filename.value then
 retval.value.filename.errtxt = nil
 if readonly then retval.value.filename.readonly = true end
+ local stat = posix.stat(retval.value.filename.value)
+ retval.value.mode = cfe({ label="Permissions", value=stat.mode, seq=2, readonly=true })
 passwdconfig = parse_passwd_config(configs[i])
 break
 end
@@ -195,6 +197,11 @@ end
 local get_passwd_entry_private = function(self, clientdata, create)
 local retval,passwdconfig = get_passwd_file(self, clientdata, true)
 retval.label = "Freeradius passwd entry"
+ if retval.value.mode and string.find(retval.value.mode.value, "^.%-") then
+ retval.value.filename.errtxt = "Readonly file"
+ return retval
+ end
+ retval.value.mode = nil
 local entry = 0
 local entryline = {}
 if not create then
@@ -483,13 +490,18 @@ end
 function mymodule.get_delete_passwd_entry(self, clientdata)
 local retval,passwdconfig = get_passwd_file(self, clientdata)
 retval.label = "Delete Freeradius passwd entry"
- retval.value.filename.key = nil
+ if retval.value.mode and string.find(retval.value.mode.value, "^.%-") then
+ retval.value.filename.errtxt = "Readonly file"
+ return retval
+ end
+ retval.value.mode = nil
 retval.value.entry = cfe({ label="Entry index", seq=2 })
 return retval
 end

 function mymodule.delete_passwd_entry(self, entry)
- local success = modelfunctions.validateselect(entry.value.filename)
+ local success = (nil ~= entry.value.entry)
+ success = modelfunctions.validateselect(entry.value.filename) and success
 if success then
 local contenttable = fs.read_file_as_array(entry.value.filename.value) or {}
 if contenttable[tonumber(entry.value.entry.value) or 0] then
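Review bot: `posix.stat` returns nil when the file cannot be stat'ed, so `stat.mode` on the second added line of the @@ -181 hunk raises an error for a configured passwd file that is missing or inaccessible. Guard the lookup, e.g. `if stat then retval.value.mode = cfe({ label="Permissions", value=stat.mode, seq=2, readonly=true }) end`. The callers added in this commit test `retval.value.mode and ...`, so a result without a mode field is treated as writable; if that fail-open outcome is not intended, set `retval.value.filename.errtxt` when the stat fails. The enclosing `get_passwd_file` starts and ends outside the hunk.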
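Review bot: The readonly test `string.find(retval.value.mode.value, "^.%-")` in the @@ -195 hunk is an undocumented pattern that inspects only the second character of the mode string, and the same five lines are repeated in `get_delete_passwd_entry` and `get_passwd` (the @@ -483 and @@ -509 hunks). It appears to assume that `posix.stat` reports the mode as a permission string such as `rw-r--r--`, so only the owner-write bit is checked; a numeric mode would never match and every file would then be treated as writable. Moving the check into one local helper, with a comment stating that assumption, keeps the three entry points from drifting apart. The bodies of all three functions continue outside their hunks.

```lua
-- True when the owner-write bit of the passwd file is clear.
-- Assumes posix.stat reports mode as a string like "rw-r--r--"; confirm for
-- the luaposix version in use.
local is_readonly_passwd = function(retval)
	local mode = retval.value.mode
	if mode and string.find(mode.value, "^.%-") then
		retval.value.filename.errtxt = "Readonly file"
		return true
	end
	-- The mode field is only needed for this check; drop it from the form.
	retval.value.mode = nil
	return false
end

-- … unchanged: get_passwd_file call and retval.label assignment in each caller …
if is_readonly_passwd(retval) then return retval end
```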
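Review bot: `delete_passwd_entry` in the @@ -483 hunk never checks the file's mode itself; the readonly protection works only because `get_delete_passwd_entry` returns before creating the `entry` field, which the new `(nil ~= entry.value.entry)` test then detects. `update_passwd` in the @@ -559 hunk presumably relies on the same absence and reports it as "Failed to set password", which does not tell the operator that the file is readonly. A comment on both guards would make the dependency explicit, for example `-- entry is missing when the get_* form refused a readonly file; do not write`. The handlers would be more robust if they repeated the mode check immediately before writing rather than trusting the shape of the form. Both function bodies continue outside their hunks.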
@@ -509,6 +521,11 @@ end
 function mymodule.get_passwd(self, clientdata)
 local retval,passwdconfig = get_passwd_file(self, clientdata, true)
 retval.label = "Freeradius password"
+ if retval.value.mode and string.find(retval.value.mode.value, "^.%-") then
+ retval.value.filename.errtxt = "Readonly file"
+ return retval
+ end
+ retval.value.mode = nil
 retval.value.entry = cfe({ label="Entry index", key=true, seq=2 })
 self.handle_clientdata(retval, clientdata)
 if passwdconfig then
@@ -559,6 +576,10 @@ function mymodule.get_passwd(self, clientdata)
 end

 function mymodule.update_passwd(self, passwd)
+ if not passwd.value.entry then
+ passwd.errtxt = "Failed to set password"
+ return passwd
+ end
 -- The password/index fields have already been validated
 if not passwd.value.password then
 passwd.errtxt = "Invalid passwd entry" |