-rw-r--r--Makefile46
-rw-r--r--config.mk10
-rw-r--r--privdemo-controller.lua31
-rw-r--r--privdemo-html.lsp20
-rw-r--r--privdemo-model.lua25
-rw-r--r--privdemo.menu1
6 files changed, 133 insertions, 0 deletions
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..da53404
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,46 @@
+APP_NAME=sandbox
+PACKAGE=acf-$(APP_NAME)
+VERSION=0.1
+
+APP_DIST=\
+ privdemo-controller.lua \
+ privdemo-model.lua \
+ privdemo-html.lsp \
+ privdemo.menu
+
+EXTRA_DIST=Makefile config.mk
+
+DISTFILES=$(APP_DIST) $(EXTRA_DIST)
+
+TAR=tar
+
+P=$(PACKAGE)-$(VERSION)
+tarball=$(P).tar.bz2
+install_dir=$(DESTDIR)/$(appdir)/$(APP_NAME)
+
+all:
+clean:
+ rm -rf $(tarball) $(P)
+
+dist: $(tarball)
+
+install:
+ mkdir -p "$(install_dir)"
+ cp -a $(APP_DIST) "$(install_dir)"
+
+$(tarball): $(DISTFILES)
+ rm -rf $(P)
+ mkdir -p $(P)
+ cp $(DISTFILES) $(P)
+ $(TAR) -jcf $@ $(P)
+ rm -rf $(P)
+
+# target that creates a tar package, unpacks is and install from package
+dist-install: $(tarball)
+ $(TAR) -jxf $(tarball)
+ $(MAKE) -C $(P) install DESTDIR=$(DESTDIR)
+ rm -rf $(P)
+
+include config.mk
+
+.PHONY: all clean dist install dist-install
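Review bot: The `install` recipe copies with `cp -a $(APP_DIST) "$(install_dir)"`, which preserves the owner, group and mode the files have in the build tree, so a group- or world-writable checkout yields writable application code in the installed app directory. Because privdemo-model.lua defines functions meant to keep privileges, the installed modes should be set explicitly, for example `install -d -m 0755 "$(install_dir)"` followed by `install -m 0644 $(APP_DIST) "$(install_dir)"`. Separately, `dist-install` passes `DESTDIR=$(DESTDIR)` unquoted, which breaks on a path containing spaces; `DESTDIR="$(DESTDIR)"` would match the quoting already used in `install`.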
diff --git a/config.mk b/config.mk
new file mode 100644
index 0000000..45f4d21
--- /dev/null
+++ b/config.mk
@@ -0,0 +1,10 @@
+prefix=/usr
+datadir=${prefix}/share
+sysconfdir=${prefix}/etc
+localstatedir=${prefix}/var
+acfdir=${datadir}/acf
+wwwdir=${acfdir}/www
+cgibindir=${acfdir}/cgi-bin
+appdir=${acfdir}/app
+acflibdir=${acfdir}/lib
+sessionsdir=${localstatedir}/lib/acf/sessions
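Review bot: With `prefix=/usr`, the lines `sysconfdir=${prefix}/etc` and `localstatedir=${prefix}/var` expand to `/usr/etc` and `/usr/var`, so `sessionsdir` resolves to `/usr/var/lib/acf/sessions`. If the framework keeps its session files somewhere else (not visible in this commit), any consumer of this file would create or read a second session directory with its own ownership and permissions. Consider `sysconfdir=/etc` and `localstatedir=/var` unless the `/usr` locations are intended. Only `appdir` is used by the Makefile in this commit, so the practical effect depends on other consumers.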
diff --git a/privdemo-controller.lua b/privdemo-controller.lua
new file mode 100644
index 0000000..bd8507f
--- /dev/null
+++ b/privdemo-controller.lua
@@ -0,0 +1,31 @@
+-- ipsec controller
+
+module(..., package.seeall)
+
+require("privsep")
+require("posix")
+
+-- we drop privileges on load. in model we have defined what funcs should
+-- have privileges in the table 'priv'
+mvc ={}
+function mvc.on_load(self)
+ self.priv = privsep.drop_privs("nobody", "nogroup", self.model.priv)
+end
+
+function test(self)
+ local a = {}
+ a.model_uid = self.model.getuid()
+ a.priv_uid = self.priv.getuid()
+ return a
+end
+
+-- we actually show out text
+--function view_resolver(self)
+-- return function(self)
+-- local k,v
+-- io.write("\n\nmy view resolver\n")
+-- io.write("Parameters from controller: "..self.."\n")
+-- print("my uid = ", posix.getpid().euid)
+-- end
+--end
+
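Review bot: `mvc.on_load` stores the result of `privsep.drop_privs("nobody", "nogroup", self.model.priv)` without checking it, so if the drop fails and the call returns instead of raising, the controller would keep handling requests with its original privileges. privsep's failure behaviour is not visible in this commit; if it can return nil, fail closed with `self.priv = assert(privsep.drop_privs("nobody", "nogroup", self.model.priv))`. The header comment `-- ipsec controller` looks copied from another module and should name privdemo. The commented-out `view_resolver` block is dead code and is better removed than committed.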
diff --git a/privdemo-html.lsp b/privdemo-html.lsp
new file mode 100644
index 0000000..e02b09a
--- /dev/null
+++ b/privdemo-html.lsp
@@ -0,0 +1,20 @@
+<? local ctl = ... ?>
+
+<h1>IPSec</h1>
+
+<!--
+<form action="update" method="post">
+<p>Advanced config</p>
+<textarea><?= form ?></textarea>
+<p>
+<input type="submit" name="Save" value="save"/>
+</p>
+</form>
+-->
+
+<p>Testing privsep</p>
+<dl>
+ <dt>model_uid</dt> <dd><?= ctl.model_uid ?></dd>
+ <dt>priv_uid</dt> <dd><?= ctl.priv_uid ?></dd>
+</dl>
+
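Review bot: The disabled form is wrapped only in an HTML comment `<!-- … -->`, which hides it from rendering but does not necessarily stop the template engine from evaluating the embedded `<?= form ?>` and sending its value to the client inside the comment. `form` is not defined anywhere in this commit, so at best this emits a stray value and at worst it leaks whatever a later change binds to that name. Remove the block, or disable it on the server side rather than with markup. The `<h1>IPSec</h1>` heading also looks left over from the page this template was copied from.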
diff --git a/privdemo-model.lua b/privdemo-model.lua
new file mode 100644
index 0000000..7103e2d
--- /dev/null
+++ b/privdemo-model.lua
@@ -0,0 +1,25 @@
+-- ipsec controller
+
+module(..., package.seeall)
+
+require("posix")
+
+---------------------------------------------------------
+-- privileged funcs
+
+priv = {}
+function priv.getuid()
+ return posix.getpid().euid
+end
+
+
+
+-------------------------------------------------------------
+-- Unprivileged funcs
+
+function getuid(self)
+ return posix.getpid().euid
+end
+
+
+
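Review bot: The `priv` table is the trust boundary of this module, since the controller passes it to `privsep.drop_privs`, but the only marker is `-- privileged funcs`. A comment such as `-- Functions in 'priv' are handed to privsep.drop_privs by the controller and are meant to keep privileges; keep this table minimal and validate every argument` would make that explicit for whoever adds the next entry. The header `-- ipsec controller` is wrong for this file and should read something like `-- privdemo model`. `getuid(self)` declares a `self` parameter that is unused and that the controller does not pass (`self.model.getuid()`), so either drop the parameter or call it with `:`.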
diff --git a/privdemo.menu b/privdemo.menu
new file mode 100644
index 0000000..1c6ce92
--- /dev/null
+++ b/privdemo.menu
@@ -0,0 +1 @@
+Test Privilege_separation Define test