From da2aa81f7cf24ec58c78f781d13fb6dda0c18dd1 Mon Sep 17 00:00:00 2001
From: Ted Trask
Date: Wed, 23 Jul 2008 12:34:44 +0000
Subject: Modified tinydns to implement access control.

git-svn-id: svn://svn.alpinelinux.org/acf/tinydns/trunk@1316 ab2d0c66-481e-0410-8bed-d214d4d58bed
---
 tinydns-model.lua | 70 +++++++++++++++++++++++++++++++++++--------------------
 1 file changed, 45 insertions(+), 25 deletions(-)

(limited to 'tinydns-model.lua')

diff --git a/tinydns-model.lua b/tinydns-model.lua
index 7a0f411..9f73000 100644
--- a/tinydns-model.lua
+++ b/tinydns-model.lua
@@ -91,21 +91,27 @@ local function split_config_items(orgitem)
 return output
 end
 
--- Feed the configfiles table with list of all availage configfiles
-local function searchforconfigfiles()
+-- Feed the configfiles table with list of all available and allowed configfiles
+local function searchforconfigfiles(allowedlist)
+ if #configfiles > 0 then return configfiles end
 local cnffile = {}
 recursedir(configdir, cnffile)
- for k,v in pairs(cnffile) do
- local configcontent = get_value_from_file(v)
- if (configcontent) then
- table.insert(configfiles, v)
+ if allowedlist then
+ local reverseallowed = {}
+ for x,name in ipairs(allowedlist) do reverseallowed[name] = x end
+ for k,v in pairs(cnffile) do
+ if reverseallowed[v] then
+ table.insert(configfiles, v)
+ end
 end
+ else
+ configfiles = cnffile
 end
+ return configfiles
 end
-searchforconfigfiles()
 
 local function validfilename(path)
- for k,v in pairs(getfilelist().value) do
+ for k,v in pairs(configfiles) do
 if (v == path) then
 return true
 end
@@ -129,12 +135,6 @@ function getstatus()
 value=configdir,
 })
 
- status.value.configfiles = cfe({
- type="list",
- label="Config files",
- value=configfiles,
- })
-
 local config = getconfig()
 status.value.listen = config.value.listen
 
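Review bot: The early return `if #configfiles > 0 then return configfiles end` in searchforconfigfiles answers from whatever list an earlier call built and never looks at `allowedlist`, so the filter result depends on call order; if the module's state outlives a single request (not visible here), one caller's list would be handed to the next. A nil `allowedlist` also takes the `configfiles = cnffile` branch, so a caller that omits the argument gets every file under configdir; that default should be stated in the comment above the function, or nil should be treated as an empty allow-list. The filtered branch appends to the shared `configfiles` table rather than to a fresh one. A version that rebuilds the list on each call, keeping the current nil behaviour but documenting it, is sketched below.

```lua
local function searchforconfigfiles(allowedlist)
	-- Rebuilt on every call so the result always reflects this caller's allowedlist
	local found, result = {}, {}
	recursedir(configdir, found)
	if allowedlist then
		local allowed = {}
		for _,name in ipairs(allowedlist) do allowed[name] = true end
		for _,v in pairs(found) do
			if allowed[v] then result[#result + 1] = v end
		end
	else
		-- nil means "no restriction": callers must pass a table (possibly empty) to restrict
		result = found
	end
	configfiles = result
	return configfiles
end
```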
@@ -171,7 +171,8 @@ end
 
 -- If you enter 'filter_type' (this should be one of the options found in local function check_signs() ) then
 -- the output will be filtered to only contain this type of data.
-function getconfigobjects(file_name, filter_type)
+function getconfigobjects(file_name, allowedfiles, filter_type)
+ configfiles = searchforconfigfiles(allowedfiles)
 local configobjects = {}
 --Loop through all available configfiles
 for i,filename in pairs(configfiles) do
@@ -228,18 +229,24 @@ function getconfigobjects(file_name, filter_type)
 return cfe({ type="structure", value=configobjects, label="DNS Entries", filename=file_name, fieldlabels=descr.fieldlabels })
 end
 
-function getfilelist ()
- local listed_files = {}
- recursedir(configdir, listed_files)
-
- return cfe({ type="list", value=listed_files, label="List of config files" })
+function getfilelist(allowedfiles)
+ configfiles = searchforconfigfiles(allowedfiles)
+ return cfe({ type="list", value=configfiles, label="List of config files" })
 end
 
-function get_filedetails(path)
- return modelfunctions.getfiledetails(path)
+function get_filedetails(path, allowedfiles)
+ configfiles = searchforconfigfiles(allowedfiles)
+ if not validfilename(path) then
+ local result = modelfunctions.getfiledetails("")
+ result.value.filename.value = path
+ return result
+ else
+ return modelfunctions.getfiledetails(path)
+ end
 end
 
-function set_filedetails (filedetails)
+function set_filedetails (filedetails, allowedfiles)
+ configfiles = searchforconfigfiles(allowedfiles)
 filedetails.value.filecontent.value = string.gsub(format.dostounix(filedetails.value.filecontent.value), "\n+$", "")
 local success, errtxt = validfilename(filedetails.value.filename.value)
 if success then
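Review bot: In the getconfigobjects hunk, `allowedfiles` is inserted before `filter_type`, so a call site still using the old `(file_name, filter_type)` order now passes its filter as the allow-list, and with no filter it passes nil, which searchforconfigfiles treats as unrestricted. The callers are not part of this diff, so this cannot be checked from here. Appending the parameter instead (`function getconfigobjects(file_name, filter_type, allowedfiles)`) would at least keep the filter argument from changing meaning. Either way, the comment above the function should describe `allowedfiles` and what nil means for it, as it already does for `filter_type`. The body of getconfigobjects continues past the hunk.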
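Review bot: In get_filedetails, a path that fails `validfilename(path)` returns the details of `""` with the requested name copied into `result.value.filename.value` and no error text, so the caller cannot tell a refused request from an empty file and there is nothing to log. Setting `result.value.filename.errtxt = "Invalid filename"` before `return result` would make the refusal explicit; the wording should match whatever set_filedetails reports, whose failure branch is outside the hunk. What `modelfunctions.getfiledetails("")` returns is not visible here, so it is worth confirming that it cannot raise or resolve to a real path.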
@@ -259,7 +266,7 @@ function getnewconfigfile()
 return cfe({ type="group", value=options, label="New config file" })
 end
 
-function createconfigfile(configfile)
+function createconfigfile(self, configfile, allowedfiles)
 configfile.errtxt = "Failed to create file"
 local path = configfile.value.filename.value
 local validfilepath, filepatherror = validator.is_valid_filename(path,configdir)
@@ -270,6 +277,18 @@ function createconfigfile(configfile)
 local file = io.open(path, "w")
 file:close()
 configfile.errtxt = nil
+
+ -- We have to add this file to the allowed list
+ local found = false
+ for i,name in ipairs(allowedfiles) do
+ if name == configfile.value.filename.value then found = true break end
+ end
+ if not found then
+ -- this modifies the session
+ allowedfiles[#allowedfiles + 1] = configfile.value.filename.value
+ require("authenticator")
+ authenticator.change_setting(self, self.sessiondata.userinfo.userid, "dnsfiles", allowedfiles)
+ end
 end
 else
 configfile.value.filename.errtxt = filepatherror
@@ -278,7 +297,8 @@ function createconfigfile(configfile)
 return configfile
 end
 
-function remove_file(path)
+function remove_file(path, allowedfiles)
+ configfiles = searchforconfigfiles(allowedfiles)
 local success = "Failed to delete file"
 local errtxt
 if not (fs.is_file(path)) then
--
cgit v1.2.3
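Review bot: In the createconfigfile block that starts at `-- We have to add this file to the allowed list`, `ipairs(allowedfiles)` raises when `allowedfiles` is nil, which the rest of the model accepts as "unrestricted"; by then the file has already been created, so the request fails half-done. Wrapping the block in `if allowedfiles then ... end` avoids that. The block also appends to the caller's own `dnsfiles` setting any name that passed `validator.is_valid_filename`, and the preceding `io.open(path, "w")` truncates. The lines between the two createconfigfile hunks are not shown, so confirm they refuse a path that already exists; otherwise creating a file doubles as a way to gain access to an existing one. The result of `authenticator.change_setting` is ignored, so a failed update leaves the user without access to the file they just made.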
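Review bot: remove_file gains `allowedfiles` but no `self`, so unlike createconfigfile it has no way to call `authenticator.change_setting`, and the deleted name stays in the user's `dnsfiles` setting; a file created later under the same name would be accessible to that user again. Consider passing `self` here as well and dropping the entry after a successful delete. The hunk only refreshes `configfiles`: the check that `path` is in that list has to happen in the remainder of remove_file, which is outside the hunk, since `fs.is_file(path)` alone does not enforce it.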