authorNathan Angelacos <nangel@tetrasec.net>2008-09-29 20:16:06 +0000
committerNathan Angelacos <nangel@tetrasec.net>2008-09-29 20:16:06 +0000
commit06f12e51f6a31a06008a482058107f1511ba2ebf (patch)
tree6bf40f8750ed81c57d87ed0b0df9abeaea6bf300
parent6653bf15788592e34d1e5acce850142c15e52b46 (diff)
downloadacf-core-06f12e51f6a31a06008a482058107f1511ba2ebf.tar.bz2
acf-core-06f12e51f6a31a06008a482058107f1511ba2ebf.tar.xz
Auditing functions in place
git-svn-id: svn://svn.alpinelinux.org/acf/core/trunk@1536 ab2d0c66-481e-0410-8bed-d214d4d58bed
-rw-r--r--acf.conf21
-rw-r--r--lib/format.lua32
-rw-r--r--lib/modelfunctions.lua34
3 files changed, 70 insertions, 17 deletions
diff --git a/acf.conf b/acf.conf
index d0dcecd..8246e04 100644
--- a/acf.conf
+++ b/acf.conf
@@ -1,7 +1,26 @@
+# Configuration file for Alpine Configuration Framework
+
+
+# Directories where the application resides
appdir=/usr/share/acf/app/
libdir=/usr/share/acf/lib/
+
+# sessiondir is where the session state files are stored
sessiondir=/tmp/
+
+# ACF is skinnable - these specifiy the active skin
skindir=/skins/
-# ice or snow
skin=alps
+
+# The login system credentials file
passfile=/etc/acf/passwd
+
+
+# Auditing can be done before and/or after a commit
+# if the controller supports it.
+# ${TEMPFILE} and ${CONFFILE} are used precommit
+# only ${CONFFILE} has any meaning postcommit
+
+#audit_precommit=diff -u ${CONFFILE} ${TEMPFILE} >>/var/log/${self.conf.controller}.log 2>/dev/null
+#audit_postcommit=echo ${self.sessiondata.userinfo.userid} made a change to ${CONFFILE} >>/var/log/acf.log
+
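Review bot: The comment block above the two sample `audit_` lines does not say that the expanded line is passed to a shell, or that `${...}` values are inserted as plain text, which is what an administrator needs to know before writing a template. The samples themselves expand `${self.conf.controller}` into a log path and `${self.sessiondata.userinfo.userid}` into an `echo` argument without quoting. I would add `# The expanded line is run through the shell; values are inserted as plain text and an unset name becomes "nil"`, and keep the samples to placeholders whose values cannot contain shell metacharacters. Separately, `specifiy` in the skin comment should read `specify`.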
diff --git a/lib/format.lua b/lib/format.lua
index 057bc03..1407b97 100644
--- a/lib/format.lua
+++ b/lib/format.lua
@@ -187,22 +187,22 @@ end
-- Takes a str and expands any ${...} constructs with the Lua variable
-- ex: a="foo"; print(expand_bash_syntax_vars("a=${a}) - > "a=foo"
-
-function expand_bash_syntax_vars ( str )
- local deref = function ( f)
- local v = _G
- for w in string.gfind(f, "[%w_]+") do
- v = v[w]
- end
- return v
- end
-
- for w in string.gmatch (str, "${[^}]*}" ) do
- local rvar = string.sub(w,3,-2)
- local rval = ( deref(rvar) or "nil" )
- str = string.gsub (str, w, rval)
- end
- return (str)
+expand_bash_syntax_vars = function (str)
+
+ local deref = function ( f)
+ local v = getfenv(3) -- get the upstream global env
+ for w in string.gfind(f, "[%w_]+") do
+ if v then v = v[w] end
+ end
+ return v
+ end
+
+ for w in string.gmatch (str, "${[^}]*}" ) do
+ local rvar = string.sub(w,3,-2)
+ local rval = ( deref(rvar) or "nil" )
+ str = string.gsub (str, w, rval)
+ end
+ return (str)
end
-- Removes the linenum line from str and replaces it with line.
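Review bot: In the new `expand_bash_syntax_vars`, `string.gsub (str, w, rval)` treats the placeholder as a Lua pattern and the looked-up value as a replacement template, so a value containing `%` raises an error or pulls in a capture, and a non-string value (a table reached through `${self}`, say) is not inserted as text. Escaping both sides fixes that: `local rval = tostring(deref(rvar) or "nil"):gsub("%%", "%%%%")` and `str = string.gsub(str, (w:gsub("%p", "%%%0")), rval)`. `getfenv(3)` also ties the lookup to the exact call depth, so any wrapper between the caller and this function changes which environment is searched; a comment such as `-- level 3 = the function that called expand_bash_syntax_vars` would record that. Because any name reachable from that environment can be expanded, the template string should only ever come from trusted configuration.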
diff --git a/lib/modelfunctions.lua b/lib/modelfunctions.lua
index ef0513c..d311ff6 100644
--- a/lib/modelfunctions.lua
+++ b/lib/modelfunctions.lua
@@ -103,3 +103,37 @@ function validatemulti(multi)
end
return true
end
+
+
+function write_file_with_audit (self, path, str)
+ local pre = ""
+ local post = ""
+ local tmpfile = (self.conf.sessiondir or "/tmp/") ..
+ (self.sessiondata.userinfo.userid or "unknown") .. "-" ..
+ os.time() .. ".tmp"
+
+ if type(self.conf) == "table" then
+ -- we make temporary globals for expand_bash_syntax_vars
+ local a,b,c = TEMPFILE,CONFFILE,_G.self
+ TEMPFILE=tmpfile
+ CONFFILE=path
+ _G.self=self
+
+ pre = format.expand_bash_syntax_vars(self.conf.audit_precommit or "" )
+ post = format.expand_bash_syntax_vars(self.conf.audit_postcommit or "")
+ TEMPFILE,CONFFILE,_G.self = a,b,c
+ end
+
+ fs.write_file(tmpfile,str)
+
+ if #pre then
+ os.execute(pre)
+ end
+
+ os.rename (tmpfile, path)
+
+ if #post then
+ os.execute(post)
+ end
+ return
+end
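Review bot: Both `os.execute` calls in `write_file_with_audit` run a string made by pasting `path`, the temp-file name (which embeds `userid`) and anything else the template references into the command as text, so a space or shell metacharacter in any of them changes what the shell runs. Where `userid` and `path` come from is not visible in this hunk, so they should be shell-quoted or limited to a safe character set before expansion; the sketch below quotes the two path placeholders but does not cover values the template reads directly from `self`. The guards `if #pre then` and `if #post then` are always true in Lua because 0 is truthy, so a shell is started even when no audit command is configured. The temp file has a predictable name in `sessiondir` (set to `/tmp/` in acf.conf) and the result of `os.rename` is ignored, so a failed rename silently loses the write and leaves the staged copy behind. The `type(self.conf) == "table"` test also comes after `self.conf.sessiondir` has already been indexed.

```lua
-- quote a value so the shell sees it as a single word
local function shell_quote (s)
	return "'" .. string.gsub(tostring(s), "'", "'\\''") .. "'"
end

function write_file_with_audit (self, path, str)
	-- … unchanged: pre/post defaults, tmpfile name, saving the old globals …
		TEMPFILE=shell_quote(tmpfile)
		CONFFILE=shell_quote(path)
	-- … unchanged: _G.self, expansion of both templates, restoring globals, fs.write_file …

	if pre ~= "" then
		os.execute(pre)
	end

	local ok, err = os.rename (tmpfile, path)
	if not ok then
		os.remove(tmpfile)
		return nil, err
	end

	if post ~= "" then
		os.execute(post)
	end
	return true
end
```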