From 92838457c6cb3ccbba0f1f69c41d1da9c6f7c2d7 Mon Sep 17 00:00:00 2001
From: Natanael Copa
Date: Fri, 16 Nov 2007 07:45:20 +0000
Subject: moved priv separation demo to sandbox
git-svn-id: svn://svn.alpinelinux.org/acf/sandbox/trunk@314 ab2d0c66-481e-0410-8bed-d214d4d58bed
---
Makefile | 46 ++++++++++++++++++++++++++++++++++++++++++++++
config.mk | 10 ++++++++++
privdemo-controller.lua | 31 +++++++++++++++++++++++++++++++
privdemo-html.lsp | 20 ++++++++++++++++++++
privdemo-model.lua | 25 +++++++++++++++++++++++++
privdemo.menu | 1 +
6 files changed, 133 insertions(+)
create mode 100644 Makefile
create mode 100644 config.mk
create mode 100644 privdemo-controller.lua
create mode 100644 privdemo-html.lsp
create mode 100644 privdemo-model.lua
create mode 100644 privdemo.menu
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..da53404
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,46 @@
+APP_NAME=sandbox
+PACKAGE=acf-$(APP_NAME)
+VERSION=0.1
+
+APP_DIST=\
+ privdemo-controller.lua \
+ privdemo-model.lua \
+ privdemo-html.lsp \
+ privdemo.menu
+
+EXTRA_DIST=Makefile config.mk
+
+DISTFILES=$(APP_DIST) $(EXTRA_DIST)
+
+TAR=tar
+
+P=$(PACKAGE)-$(VERSION)
+tarball=$(P).tar.bz2
+install_dir=$(DESTDIR)/$(appdir)/$(APP_NAME)
+
+all:
+clean:
+ rm -rf $(tarball) $(P)
+
+dist: $(tarball)
+
+install:
+ mkdir -p "$(install_dir)"
+ cp -a $(APP_DIST) "$(install_dir)"
+
+$(tarball): $(DISTFILES)
+ rm -rf $(P)
+ mkdir -p $(P)
+ cp $(DISTFILES) $(P)
+ $(TAR) -jcf $@ $(P)
+ rm -rf $(P)
+
+# target that creates a tar package, unpacks is and install from package
+dist-install: $(tarball)
+ $(TAR) -jxf $(tarball)
+ $(MAKE) -C $(P) install DESTDIR=$(DESTDIR)
+ rm -rf $(P)
+
+include config.mk
+
+.PHONY: all clean dist install dist-install
diff --git a/config.mk b/config.mk
new file mode 100644
index 0000000..45f4d21
--- /dev/null
+++ b/config.mk
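Review bot: The `install` rule copies with `cp -a`, which preserves the mode and (when run as root) the owner of the files in the build tree, so the installed controller and model can end up writable by whichever account built the package. For code that is loaded before privileges are dropped, the installed files should be root-owned and not group- or world-writable; `install -m 0644 $(APP_DIST) "$(install_dir)"` after the `mkdir -p` makes that explicit. The same applies to `dist-install`, since it calls this rule.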
@@ -0,0 +1,10 @@
+prefix=/usr
+datadir=${prefix}/share
+sysconfdir=${prefix}/etc
+localstatedir=${prefix}/var
+acfdir=${datadir}/acf
+wwwdir=${acfdir}/www
+cgibindir=${acfdir}/cgi-bin
+appdir=${acfdir}/app
+acflibdir=${acfdir}/lib
+sessionsdir=${localstatedir}/lib/acf/sessions
diff --git a/privdemo-controller.lua b/privdemo-controller.lua
new file mode 100644
index 0000000..bd8507f
--- /dev/null
+++ b/privdemo-controller.lua
@@ -0,0 +1,31 @@
+-- ipsec controller
+
+module(..., package.seeall)
+
+require("privsep")
+require("posix")
+
+-- we drop privileges on load. in model we have defined what funcs should
+-- have privileges in the table 'priv'
+mvc ={}
+function mvc.on_load(self)
+ self.priv = privsep.drop_privs("nobody", "nogroup", self.model.priv)
+end
+
+function test(self)
+ local a = {}
+ a.model_uid = self.model.getuid()
+ a.priv_uid = self.priv.getuid()
+ return a
+end
+
+-- we actually show out text
+--function view_resolver(self)
+-- return function(self)
+-- local k,v
+-- io.write("\n\nmy view resolver\n")
+-- io.write("Parameters from controller: "..self.."\n")
+-- print("my uid = ", posix.getpid().euid)
+-- end
+--end
+
diff --git a/privdemo-html.lsp b/privdemo-html.lsp
new file mode 100644
index 0000000..e02b09a
--- /dev/null
+++ b/privdemo-html.lsp
@@ -0,0 +1,20 @@ + + +
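Review bot: With `prefix=/usr`, `sysconfdir` and `localstatedir` expand to `/usr/etc` and `/usr/var`, so `sessionsdir` becomes `/usr/var/lib/acf/sessions`. Session state normally belongs under `/var`, on a writable filesystem with tight permissions; unless the `/usr` location is deliberate, `sysconfdir=/etc` and `localstatedir=/var` would be the usual values. The Makefile in this commit only reads `appdir`, so this matters mainly if the file is shared with the rest of ACF.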
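Review bot: `mvc.on_load` stores whatever `privsep.drop_privs("nobody", "nogroup", self.model.priv)` returns and never checks that the drop succeeded. privsep is not visible here, but if it can return nil or fail without raising (for example when the `nobody` user or `nogroup` group does not exist), the controller keeps running with its original privileges. Fail closed right after the call, e.g. `assert(self.priv, "privsep.drop_privs failed")` followed by `assert(posix.getpid().euid ~= 0, "still running as root")`. A comment on `on_load` should state that nothing privileged may run in this process after it returns and that, as the existing comment implies, only the functions in `self.model.priv` are meant to be reachable through `self.priv`. The header comment `-- ipsec controller` is stale in this file and in privdemo-model.lua.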

IPSec

+ + + +

Testing privsep

+
+
model_uid
+
priv_uid
+
+
diff --git a/privdemo-model.lua b/privdemo-model.lua
new file mode 100644
index 0000000..7103e2d
--- /dev/null
+++ b/privdemo-model.lua
@@ -0,0 +1,25 @@
+-- ipsec controller
+
+module(..., package.seeall)
+
+require("posix")
+
+---------------------------------------------------------
+-- privileged funcs
+
+priv = {}
+function priv.getuid()
+ return posix.getpid().euid
+end
+
+
+
+-------------------------------------------------------------
+-- Unprivileged funcs
+
+function getuid(self)
+ return posix.getpid().euid
+end
+
+
+
diff --git a/privdemo.menu b/privdemo.menu
new file mode 100644
index 0000000..1c6ce92
--- /dev/null
+++ b/privdemo.menu
@@ -0,0 +1 @@
+Test Privilege_separation Define test
-- cgit v1.2.3
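Review bot: Both `priv.getuid` and `getuid` report only `posix.getpid().euid`, so the demo cannot show whether the real uid and the group ids were dropped as well; a drop that changes only the effective uid can typically be reversed by the process. Returning the `uid`, `gid` and `egid` fields of `posix.getpid()` alongside `euid` would make an incomplete drop visible on the test page. The `priv` table also deserves a comment saying that, per its section heading, every function placed in it is meant to run with the original privileges and must therefore treat its arguments as untrusted input from the unprivileged side.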