/* Read and execute an lua file. Used from sb2-show, useful * for debugging and benchmarking since the script is executed * in a context which already contains all SB2's varariables etc. * Note that this function is exported from libsb2.so: */ void sb2__load_and_execute_lua_file__(const char *filename) { struct lua_instance *luaif; luaif = get_lua(); load_and_execute_lua_file(luaif, filename); release_lua(luaif); }
void sb_push_string_to_lua_stack(char *str) { struct lua_instance *luaif = get_lua(); if (luaif) { lua_pushstring(luaif->lua, str); release_lua(luaif); } }
/* Read string variables from lua. * Note that this function is exported from libsb2.so (for sb2-show etc): */ char *sb2__read_string_variable_from_lua__(const char *name) { struct lua_instance *luaif; char *cp; luaif = get_lua(); cp = read_string_variable_from_lua(luaif, name); release_lua(luaif); return(cp); }
/* Exec preprocessor: * (previously known as "sb_execve_mod") */ int sb_execve_preprocess(char **file, char ***argv, char ***envp) { struct lua_instance *luaif = get_lua(); int res, new_argc, new_envc; if (!luaif) return(0); if (!argv || !envp) { SB_LOG(SB_LOGLEVEL_ERROR, "ERROR: sb_argvenvp: (argv || envp) == NULL"); release_lua(luaif); return -1; } if (getenv("SBOX_DISABLE_ARGVENVP")) { SB_LOG(SB_LOGLEVEL_DEBUG, "sb_argvenvp disabled(E):"); release_lua(luaif); return 0; } SB_LOG(SB_LOGLEVEL_NOISE, "sb_execve_preprocess: gettop=%d", lua_gettop(luaif->lua)); lua_getfield(luaif->lua, LUA_GLOBALSINDEX, "sbox_execve_preprocess"); lua_pushstring(luaif->lua, *file); free(*file); strvec_to_lua_table(luaif, *argv); strvec_free(*argv); strvec_to_lua_table(luaif, *envp); strvec_free(*envp); /* args: binaryname, argv, envp * returns: err, file, argc, argv, envc, envp */ lua_call(luaif->lua, 3, 6); res = lua_tointeger(luaif->lua, -6); *file = strdup(lua_tostring(luaif->lua, -5)); new_argc = lua_tointeger(luaif->lua, -4); new_envc = lua_tointeger(luaif->lua, -2); lua_string_table_to_strvec(luaif, -3, argv, new_argc); lua_string_table_to_strvec(luaif, -1, envp, new_envc); /* remove sbox_execve_preprocess' return values from the stack. */ lua_pop(luaif->lua, 6); SB_LOG(SB_LOGLEVEL_NOISE, "sb_execve_preprocess: at exit, gettop=%d", lua_gettop(luaif->lua)); release_lua(luaif); return res; }
int main(int argc, char *argv[]) { if (argc < 2) { puts("*** call like this: ./get_css_path ./script.mfl"); exit(1); } // set up embedded lua interpreter and run on script lua_State *L = get_lua(argv[1]); //// get css file as string char *csspath = get_css_path(argv[1]); char *css_str = string_from_file(csspath); free(csspath); char *key = "test.one"; char *tag = calloc(strlen(key), 1); strcat(tag, "["); strcat(tag, key); strcat(tag, "]"); char *cursor = strstr(css_str, tag); if( ! cursor ) { warn("[%s] not found", key); exit(1); } walk_lua_global(L, key); // attrs will be garbage is nothing found char *attrs = stack_index_as_css(L, -1, key, css_str, cursor); puts(attrs); return(0); }
/* Map script interpreter: * Called with "rule" and "exec_policy" already in lua's stack, * leaves (possibly modified) "rule" and "exec_policy" to lua's stack. */ char *sb_execve_map_script_interpreter( const char *interpreter, const char *interp_arg, const char *mapped_script_filename, const char *orig_script_filename, char ***argv, char ***envp) { struct lua_instance *luaif; char *mapped_interpreter; int new_argc, new_envc; int res; luaif = get_lua(); if (!luaif) return(0); if (!argv || !envp) { SB_LOG(SB_LOGLEVEL_ERROR, "ERROR: sb_execve_map_script_interpreter: " "(argv || envp) == NULL"); release_lua(luaif); return NULL; } SB_LOG(SB_LOGLEVEL_NOISE, "sb_execve_map_script_interpreter: gettop=%d" " interpreter=%s interp_arg=%s " "mapped_script_filename=%s orig_script_filename=%s", lua_gettop(luaif->lua), interpreter, interp_arg, mapped_script_filename, orig_script_filename); lua_getfield(luaif->lua, LUA_GLOBALSINDEX, "sb_execve_map_script_interpreter"); /* stack now contains "rule", "exec_policy" and * "sb_execve_map_script_interpreter". * move "sb_execve_map_script_interpreter" to the bottom : */ lua_insert(luaif->lua, -3); lua_pushstring(luaif->lua, interpreter); if (interp_arg) lua_pushstring(luaif->lua, interp_arg); else lua_pushnil(luaif->lua); lua_pushstring(luaif->lua, mapped_script_filename); lua_pushstring(luaif->lua, orig_script_filename); strvec_to_lua_table(luaif, *argv); strvec_to_lua_table(luaif, *envp); /* args: rule, exec_policy, interpreter, interp_arg, * mapped_script_filename, orig_script_filename, * argv, envp * returns: rule, policy, result, mapped_interpreter, #argv, argv, * #envp, envp * "result" is one of: * 0: argv / envp were modified; mapped_interpreter was set * 1: argv / envp were not modified; mapped_interpreter was set * -1: deny exec. */ if(SB_LOG_IS_ACTIVE(SB_LOGLEVEL_NOISE3)) { dump_lua_stack("sb_execve_map_script_interpreter M1", luaif->lua); } SB_LOG(SB_LOGLEVEL_NOISE, "sb_execve_map_script_interpreter: call lua, gettop=%d", lua_gettop(luaif->lua)); lua_call(luaif->lua, 8, 8); SB_LOG(SB_LOGLEVEL_NOISE, "sb_execve_map_script_interpreter: return from lua, gettop=%d", lua_gettop(luaif->lua)); if(SB_LOG_IS_ACTIVE(SB_LOGLEVEL_NOISE3)) { dump_lua_stack("sb_execve_map_script_interpreter M2", luaif->lua); } mapped_interpreter = (char *)lua_tostring(luaif->lua, -5); if (mapped_interpreter) mapped_interpreter = strdup(mapped_interpreter); res = lua_tointeger(luaif->lua, -6); switch (res) { case 0: /* exec arguments were modified, replace contents of * argv and envp vectors */ SB_LOG(SB_LOGLEVEL_DEBUG, "sb_execve_map_script_interpreter: Updated argv&envp"); strvec_free(*argv); new_argc = lua_tointeger(luaif->lua, -4); lua_string_table_to_strvec(luaif, -3, argv, new_argc); new_envc = lua_tointeger(luaif->lua, -2); strvec_free(*envp); lua_string_table_to_strvec(luaif, -1, envp, new_envc); /* remove return values from the stack, leave rule & policy. */ lua_pop(luaif->lua, 6); break; case 1: SB_LOG(SB_LOGLEVEL_DEBUG, "sb_execve_map_script_interpreter: argv&envp were not modified"); /* remove return values from the stack, leave rule & policy. */ lua_pop(luaif->lua, 6); break; case 2: SB_LOG(SB_LOGLEVEL_DEBUG, "sb_execve_map_script_interpreter: use sbox_map_path_for_exec"); /* remove all return values from the stack. */ lua_pop(luaif->lua, 8); if (mapped_interpreter) free(mapped_interpreter); mapped_interpreter = NULL; { mapping_results_t mapping_result; clear_mapping_results_struct(&mapping_result); sbox_map_path_for_exec("script_interp", interpreter, &mapping_result); if (mapping_result.mres_result_buf) { mapped_interpreter = strdup(mapping_result.mres_result_buf); } free_mapping_results(&mapping_result); } SB_LOG(SB_LOGLEVEL_DEBUG, "sb_execve_map_script_interpreter: " "interpreter=%s mapped_interpreter=%s", interpreter, mapped_interpreter); break; case -1: SB_LOG(SB_LOGLEVEL_DEBUG, "sb_execve_map_script_interpreter: exec denied"); /* remove return values from the stack, leave rule & policy. */ lua_pop(luaif->lua, 6); if (mapped_interpreter) free(mapped_interpreter); mapped_interpreter = NULL; break; default: SB_LOG(SB_LOGLEVEL_ERROR, "sb_execve_map_script_interpreter: Unsupported result %d", res); /* remove return values from the stack, leave rule & policy. */ lua_pop(luaif->lua, 6); break; } if(SB_LOG_IS_ACTIVE(SB_LOGLEVEL_NOISE3)) { dump_lua_stack("sb_execve_map_script_interpreter E2", luaif->lua); } SB_LOG(SB_LOGLEVEL_NOISE, "sb_execve_map_script_interpreter: at exit, gettop=%d", lua_gettop(luaif->lua)); release_lua(luaif); return mapped_interpreter; }
/* Exec Postprocessing: * Called with "rule" and "exec_policy" already in lua's stack. */ int sb_execve_postprocess(char *exec_type, char **mapped_file, char **filename, const char *binary_name, char ***argv, char ***envp) { struct lua_instance *luaif; int res, new_argc; int replace_environment = 0; luaif = get_lua(); if (!luaif) return(0); if(SB_LOG_IS_ACTIVE(SB_LOGLEVEL_NOISE3)) { dump_lua_stack("sb_execve_postprocess entry", luaif->lua); } if (!argv || !envp) { SB_LOG(SB_LOGLEVEL_ERROR, "ERROR: sb_argvenvp: (argv || envp) == NULL"); release_lua(luaif); return -1; } SB_LOG(SB_LOGLEVEL_NOISE, "sb_execve_postprocess: gettop=%d", lua_gettop(luaif->lua)); lua_getfield(luaif->lua, LUA_GLOBALSINDEX, "sb_execve_postprocess"); /* stack now contains "rule", "exec_policy" and "sb_execve_postprocess". * move "sb_execve_postprocess" to the bottom : */ lua_insert(luaif->lua, -3); lua_pushstring(luaif->lua, exec_type); lua_pushstring(luaif->lua, *mapped_file); lua_pushstring(luaif->lua, *filename); lua_pushstring(luaif->lua, binary_name); strvec_to_lua_table(luaif, *argv); strvec_to_lua_table(luaif, *envp); /* args: rule, exec_policy, exec_type, mapped_file, filename, * binaryname, argv, envp * returns: res, mapped_file, filename, argc, argv, envc, envp */ lua_call(luaif->lua, 8, 7); res = lua_tointeger(luaif->lua, -7); switch (res) { case 0: /* exec arguments were modified, replace contents of * argv vector */ SB_LOG(SB_LOGLEVEL_DEBUG, "sb_execve_postprocess: Updated argv&envp"); free(*mapped_file); *mapped_file = strdup(lua_tostring(luaif->lua, -6)); free(*filename); *filename = strdup(lua_tostring(luaif->lua, -5)); strvec_free(*argv); new_argc = lua_tointeger(luaif->lua, -4); lua_string_table_to_strvec(luaif, -3, argv, new_argc); replace_environment = 1; break; case 1: SB_LOG(SB_LOGLEVEL_DEBUG, "sb_execve_postprocess: argv was not modified"); /* always update environment when we are going to exec */ replace_environment = 1; break; case -1: SB_LOG(SB_LOGLEVEL_DEBUG, "sb_execve_postprocess: exec denied"); break; default: SB_LOG(SB_LOGLEVEL_ERROR, "sb_execve_postprocess: Unsupported result %d", res); break; } if (replace_environment) { int new_envc; new_envc = lua_tointeger(luaif->lua, -2); strvec_free(*envp); lua_string_table_to_strvec(luaif, -1, envp, new_envc); } /* remove sb_execve_postprocess return values from the stack. */ lua_pop(luaif->lua, 7); SB_LOG(SB_LOGLEVEL_NOISE, "sb_execve_postprocess: at exit, gettop=%d", lua_gettop(luaif->lua)); release_lua(luaif); return res; }