/* Read and execute an lua file. Used from sb2-show, useful
* for debugging and benchmarking since the script is executed
* in a context which already contains all SB2's varariables etc.
* Note that this function is exported from libsb2.so:
*/
void sb2__load_and_execute_lua_file__(const char *filename)
{
struct lua_instance *luaif;
luaif = get_lua();
load_and_execute_lua_file(luaif, filename);
release_lua(luaif);
}
void sb_push_string_to_lua_stack(char *str)
{
struct lua_instance *luaif = get_lua();
if (luaif) {
lua_pushstring(luaif->lua, str);
release_lua(luaif);
}
}
/* Read string variables from lua.
* Note that this function is exported from libsb2.so (for sb2-show etc): */
char *sb2__read_string_variable_from_lua__(const char *name)
{
struct lua_instance *luaif;
char *cp;
luaif = get_lua();
cp = read_string_variable_from_lua(luaif, name);
release_lua(luaif);
return(cp);
}
/* Exec preprocessor:
* (previously known as "sb_execve_mod")
*/
int sb_execve_preprocess(char **file, char ***argv, char ***envp)
{
struct lua_instance *luaif = get_lua();
int res, new_argc, new_envc;
if (!luaif) return(0);
if (!argv || !envp) {
SB_LOG(SB_LOGLEVEL_ERROR,
"ERROR: sb_argvenvp: (argv || envp) == NULL");
release_lua(luaif);
return -1;
}
if (getenv("SBOX_DISABLE_ARGVENVP")) {
SB_LOG(SB_LOGLEVEL_DEBUG, "sb_argvenvp disabled(E):");
release_lua(luaif);
return 0;
}
SB_LOG(SB_LOGLEVEL_NOISE,
"sb_execve_preprocess: gettop=%d", lua_gettop(luaif->lua));
lua_getfield(luaif->lua, LUA_GLOBALSINDEX, "sbox_execve_preprocess");
lua_pushstring(luaif->lua, *file);
free(*file);
strvec_to_lua_table(luaif, *argv);
strvec_free(*argv);
strvec_to_lua_table(luaif, *envp);
strvec_free(*envp);
/* args: binaryname, argv, envp
* returns: err, file, argc, argv, envc, envp */
lua_call(luaif->lua, 3, 6);
res = lua_tointeger(luaif->lua, -6);
*file = strdup(lua_tostring(luaif->lua, -5));
new_argc = lua_tointeger(luaif->lua, -4);
new_envc = lua_tointeger(luaif->lua, -2);
lua_string_table_to_strvec(luaif, -3, argv, new_argc);
lua_string_table_to_strvec(luaif, -1, envp, new_envc);
/* remove sbox_execve_preprocess' return values from the stack. */
lua_pop(luaif->lua, 6);
SB_LOG(SB_LOGLEVEL_NOISE,
"sb_execve_preprocess: at exit, gettop=%d", lua_gettop(luaif->lua));
release_lua(luaif);
return res;
}
int main(int argc, char *argv[]) {
if (argc < 2) {
puts("*** call like this: ./get_css_path ./script.mfl");
exit(1);
}
// set up embedded lua interpreter and run on script
lua_State *L = get_lua(argv[1]);
//// get css file as string
char *csspath = get_css_path(argv[1]);
char *css_str = string_from_file(csspath);
free(csspath);
char *key = "test.one";
char *tag = calloc(strlen(key), 1);
strcat(tag, "[");
strcat(tag, key);
strcat(tag, "]");
char *cursor = strstr(css_str, tag);
if( ! cursor ) {
warn("[%s] not found", key);
exit(1);
}
walk_lua_global(L, key);
// attrs will be garbage is nothing found
char *attrs = stack_index_as_css(L, -1, key, css_str, cursor);
puts(attrs);
return(0);
}
/* Map script interpreter:
* Called with "rule" and "exec_policy" already in lua's stack,
* leaves (possibly modified) "rule" and "exec_policy" to lua's stack.
*/
char *sb_execve_map_script_interpreter(
const char *interpreter,
const char *interp_arg,
const char *mapped_script_filename,
const char *orig_script_filename,
char ***argv,
char ***envp)
{
struct lua_instance *luaif;
char *mapped_interpreter;
int new_argc, new_envc;
int res;
luaif = get_lua();
if (!luaif) return(0);
if (!argv || !envp) {
SB_LOG(SB_LOGLEVEL_ERROR,
"ERROR: sb_execve_map_script_interpreter: "
"(argv || envp) == NULL");
release_lua(luaif);
return NULL;
}
SB_LOG(SB_LOGLEVEL_NOISE,
"sb_execve_map_script_interpreter: gettop=%d"
" interpreter=%s interp_arg=%s "
"mapped_script_filename=%s orig_script_filename=%s",
lua_gettop(luaif->lua), interpreter, interp_arg,
mapped_script_filename, orig_script_filename);
lua_getfield(luaif->lua, LUA_GLOBALSINDEX,
"sb_execve_map_script_interpreter");
/* stack now contains "rule", "exec_policy" and
* "sb_execve_map_script_interpreter".
* move "sb_execve_map_script_interpreter" to the bottom : */
lua_insert(luaif->lua, -3);
lua_pushstring(luaif->lua, interpreter);
if (interp_arg) lua_pushstring(luaif->lua, interp_arg);
else lua_pushnil(luaif->lua);
lua_pushstring(luaif->lua, mapped_script_filename);
lua_pushstring(luaif->lua, orig_script_filename);
strvec_to_lua_table(luaif, *argv);
strvec_to_lua_table(luaif, *envp);
/* args: rule, exec_policy, interpreter, interp_arg,
* mapped_script_filename, orig_script_filename,
* argv, envp
* returns: rule, policy, result, mapped_interpreter, #argv, argv,
* #envp, envp
* "result" is one of:
* 0: argv / envp were modified; mapped_interpreter was set
* 1: argv / envp were not modified; mapped_interpreter was set
* -1: deny exec.
*/
if(SB_LOG_IS_ACTIVE(SB_LOGLEVEL_NOISE3)) {
dump_lua_stack("sb_execve_map_script_interpreter M1", luaif->lua);
}
SB_LOG(SB_LOGLEVEL_NOISE,
"sb_execve_map_script_interpreter: call lua, gettop=%d",
lua_gettop(luaif->lua));
lua_call(luaif->lua, 8, 8);
SB_LOG(SB_LOGLEVEL_NOISE,
"sb_execve_map_script_interpreter: return from lua, gettop=%d",
lua_gettop(luaif->lua));
if(SB_LOG_IS_ACTIVE(SB_LOGLEVEL_NOISE3)) {
dump_lua_stack("sb_execve_map_script_interpreter M2", luaif->lua);
}
mapped_interpreter = (char *)lua_tostring(luaif->lua, -5);
if (mapped_interpreter) mapped_interpreter = strdup(mapped_interpreter);
res = lua_tointeger(luaif->lua, -6);
switch (res) {
case 0:
/* exec arguments were modified, replace contents of
* argv and envp vectors */
SB_LOG(SB_LOGLEVEL_DEBUG,
"sb_execve_map_script_interpreter: Updated argv&envp");
strvec_free(*argv);
new_argc = lua_tointeger(luaif->lua, -4);
lua_string_table_to_strvec(luaif, -3, argv, new_argc);
new_envc = lua_tointeger(luaif->lua, -2);
strvec_free(*envp);
lua_string_table_to_strvec(luaif, -1, envp, new_envc);
/* remove return values from the stack, leave rule & policy. */
lua_pop(luaif->lua, 6);
break;
case 1:
SB_LOG(SB_LOGLEVEL_DEBUG,
"sb_execve_map_script_interpreter: argv&envp were not modified");
/* remove return values from the stack, leave rule & policy. */
lua_pop(luaif->lua, 6);
break;
case 2:
SB_LOG(SB_LOGLEVEL_DEBUG,
"sb_execve_map_script_interpreter: use sbox_map_path_for_exec");
/* remove all return values from the stack. */
lua_pop(luaif->lua, 8);
if (mapped_interpreter) free(mapped_interpreter);
mapped_interpreter = NULL;
{
mapping_results_t mapping_result;
clear_mapping_results_struct(&mapping_result);
sbox_map_path_for_exec("script_interp",
interpreter, &mapping_result);
if (mapping_result.mres_result_buf) {
mapped_interpreter =
strdup(mapping_result.mres_result_buf);
}
free_mapping_results(&mapping_result);
}
SB_LOG(SB_LOGLEVEL_DEBUG, "sb_execve_map_script_interpreter: "
"interpreter=%s mapped_interpreter=%s",
interpreter, mapped_interpreter);
break;
case -1:
SB_LOG(SB_LOGLEVEL_DEBUG,
"sb_execve_map_script_interpreter: exec denied");
/* remove return values from the stack, leave rule & policy. */
lua_pop(luaif->lua, 6);
if (mapped_interpreter) free(mapped_interpreter);
mapped_interpreter = NULL;
break;
default:
SB_LOG(SB_LOGLEVEL_ERROR,
"sb_execve_map_script_interpreter: Unsupported result %d", res);
/* remove return values from the stack, leave rule & policy. */
lua_pop(luaif->lua, 6);
break;
}
if(SB_LOG_IS_ACTIVE(SB_LOGLEVEL_NOISE3)) {
dump_lua_stack("sb_execve_map_script_interpreter E2", luaif->lua);
}
SB_LOG(SB_LOGLEVEL_NOISE,
"sb_execve_map_script_interpreter: at exit, gettop=%d",
lua_gettop(luaif->lua));
release_lua(luaif);
return mapped_interpreter;
}
/* Exec Postprocessing:
* Called with "rule" and "exec_policy" already in lua's stack.
*/
int sb_execve_postprocess(char *exec_type,
char **mapped_file,
char **filename,
const char *binary_name,
char ***argv,
char ***envp)
{
struct lua_instance *luaif;
int res, new_argc;
int replace_environment = 0;
luaif = get_lua();
if (!luaif) return(0);
if(SB_LOG_IS_ACTIVE(SB_LOGLEVEL_NOISE3)) {
dump_lua_stack("sb_execve_postprocess entry", luaif->lua);
}
if (!argv || !envp) {
SB_LOG(SB_LOGLEVEL_ERROR,
"ERROR: sb_argvenvp: (argv || envp) == NULL");
release_lua(luaif);
return -1;
}
SB_LOG(SB_LOGLEVEL_NOISE,
"sb_execve_postprocess: gettop=%d", lua_gettop(luaif->lua));
lua_getfield(luaif->lua, LUA_GLOBALSINDEX, "sb_execve_postprocess");
/* stack now contains "rule", "exec_policy" and "sb_execve_postprocess". * move "sb_execve_postprocess" to the bottom : */
lua_insert(luaif->lua, -3);
lua_pushstring(luaif->lua, exec_type);
lua_pushstring(luaif->lua, *mapped_file);
lua_pushstring(luaif->lua, *filename);
lua_pushstring(luaif->lua, binary_name);
strvec_to_lua_table(luaif, *argv);
strvec_to_lua_table(luaif, *envp);
/* args: rule, exec_policy, exec_type, mapped_file, filename,
* binaryname, argv, envp
* returns: res, mapped_file, filename, argc, argv, envc, envp */
lua_call(luaif->lua, 8, 7);
res = lua_tointeger(luaif->lua, -7);
switch (res) {
case 0:
/* exec arguments were modified, replace contents of
* argv vector */
SB_LOG(SB_LOGLEVEL_DEBUG,
"sb_execve_postprocess: Updated argv&envp");
free(*mapped_file);
*mapped_file = strdup(lua_tostring(luaif->lua, -6));
free(*filename);
*filename = strdup(lua_tostring(luaif->lua, -5));
strvec_free(*argv);
new_argc = lua_tointeger(luaif->lua, -4);
lua_string_table_to_strvec(luaif, -3, argv, new_argc);
replace_environment = 1;
break;
case 1:
SB_LOG(SB_LOGLEVEL_DEBUG,
"sb_execve_postprocess: argv was not modified");
/* always update environment when we are going to exec */
replace_environment = 1;
break;
case -1:
SB_LOG(SB_LOGLEVEL_DEBUG,
"sb_execve_postprocess: exec denied");
break;
default:
SB_LOG(SB_LOGLEVEL_ERROR,
"sb_execve_postprocess: Unsupported result %d", res);
break;
}
if (replace_environment) {
int new_envc;
new_envc = lua_tointeger(luaif->lua, -2);
strvec_free(*envp);
lua_string_table_to_strvec(luaif, -1, envp, new_envc);
}
/* remove sb_execve_postprocess return values from the stack. */
lua_pop(luaif->lua, 7);
SB_LOG(SB_LOGLEVEL_NOISE,
"sb_execve_postprocess: at exit, gettop=%d", lua_gettop(luaif->lua));
release_lua(luaif);
return res;
}
