sandbox.lua 5.17 KB
Newer Older
1
2
-- Units
kB = 1024
3
4
MB = 1024*kB
GB = 1024*MB
5
6
-- Time
sec = 1000
7
second = sec
8
minute = 60 * sec
9
min = minute
10
hour = 60 * minute
11
day = 24 * hour
12

13
14
-- Resolver bindings
kres = require('kres')
15
trust_anchors = require('trust_anchors')
16
resolve = worker.resolve
17
18
19
if rawget(kres, 'str2dname') ~= nil then
	todname = kres.str2dname
end
20

21
22
23
24
25
26
27
28
29
30
31
32
33
-- Resolver mode of operation
local current_mode = 'normal'
local mode_table = { normal=0, strict=1, permissive=2 }
function mode(m)
	if not m then return current_mode end
	if not mode_table[m] then error('unsupported mode: '..m) end
	-- Update current operation mode
	current_mode = m
	option('STRICT', current_mode == 'strict')
	option('PERMISSIVE', current_mode == 'permissive')
	return true
end

34
35
36
37
38
39
40
41
42
-- Function aliases
-- `env.VAR returns os.getenv(VAR)`
env = {}
setmetatable(env, {
	__index = function (t, k) return os.getenv(k) end
})

-- Quick access to interfaces
-- `net.<iface>` => `net.interfaces()[iface]`
43
-- `net = {addr1, ..}` => `net.listen(name, addr1)`
44
-- `net.ipv{4,6} = {true, false}` => enable/disable IPv{4,6}
45
46
47
48
setmetatable(net, {
	__index = function (t, k)
		local v = rawget(t, k)
		if v then return v
49
50
		elseif k == 'ipv6' then return not option('NO_IPV6')
		elseif k == 'ipv4' then return not option('NO_IPV4')
51
52
		else return net.interfaces()[k]
		end
53
54
	end,
	__newindex = function (t,k,v)
55
56
57
58
59
60
61
		if     k == 'ipv6' then return option('NO_IPV6', not v)
		elseif k == 'ipv4' then return option('NO_IPV4', not v)
		else
			local iname = rawget(net.interfaces(), v)
			if iname then t.listen(iname)
			else t.listen(v)
			end
62
		end
63
64
65
	end
})

66
67
-- Syntactic sugar for module loading
-- `modules.<name> = <config>`
68
setmetatable(modules, {
69
	__newindex = function (t,k,v)
Marek Vavruša's avatar
Marek Vavruša committed
70
		if type(k) == 'number' then k = v v = nil end
71
72
		if not rawget(_G, k) then
			modules.load(k)
73
			k = string.match(k, '%w+')
74
			local mod = _G[k]
Marek Vavruša's avatar
Marek Vavruša committed
75
			local config = rawget(mod, 'config')
76
			if mod ~= nil and config ~= nil then
Marek Vavruša's avatar
Marek Vavruša committed
77
78
				if k ~= v then config(v)
				else           config()
79
				end
80
81
			end
		end
82
83
84
85
86
87
88
	end
})

-- Syntactic sugar for cache
-- `cache.{size|storage} = value`
setmetatable(cache, {
	__newindex = function (t,k,v)
89
90
91
92
93
94
95
96
		-- Defaults
		local storage = rawget(t, 'current_storage')
		if not storage then storage = 'lmdb://' end
		local size = rawget(t, 'current_size')
		if not size then size = 10*MB end
		-- Declarative interface for cache
		if     k == 'size'    then t.open(v, storage)
		elseif k == 'storage' then t.open(size, v)
97
		else   rawset(t, k, v) end
98
	end
99
100
})

101
102
103
104
-- Syntactic sugar for TA store
setmetatable(trust_anchors, {
	__newindex = function (t,k,v)
	if     k == 'file' then t.config(v)
105
	elseif k == 'negative' then t.set_insecure(v)
106
107
108
109
	else   rawset(t, k, v) end
	end,
})

110
111
112
113
114
115
116
-- Register module in Lua environment
function modules_register(module)
	-- Syntactic sugar for get() and set() properties
	setmetatable(module, {
		__index = function (t, k)
			local  v = rawget(t, k)
			if     v     then return v
117
			elseif rawget(t, 'get') then return t.get(k)
118
119
120
121
			end
		end,
		__newindex = function (t, k, v)
			local  old_v = rawget(t, k)
122
			if not old_v and rawget(t, 'set') then
123
124
125
126
127
128
				t.set(k..' '..v)
			end
		end
	})
end

129
-- Make sandboxed environment
130
local function make_sandbox(defined)
131
	local __protected = { modules = true, cache = true, net = true, trust_anchors = true }
132
133
134
135
136
137
138
139
140
141
142
143
144
	return setmetatable({}, {
		__index = defined,
		__newindex = function (t, k, v)
			if __protected[k] then
				for k2,v2 in pairs(v) do
					defined[k][k2] = v2
				end
			else
				defined[k] = v
			end
		end
	})
end
145

146
-- Compatibility sandbox
147
148
149
150
151
152
if setfenv then -- Lua 5.1 and less
	_G = make_sandbox(getfenv(0))
	setfenv(0, _G)
else -- Lua 5.2+
	_SANDBOX = make_sandbox(_ENV)
end
153

154
155
156
157
158
159
160
161
162
163
164
-- Interactive command evaluation
function eval_cmd(line)
	-- Compatibility sandbox code loading
	local function load_code(code)
	    if getfenv then -- Lua 5.1
	        return loadstring(code)
	    else            -- Lua 5.2+
	        return load(code, nil, 't', _ENV)
	    end
	end
	local status, err, chunk
165
	chunk, err = load_code('return table_print('..line..')')
166
167
168
169
	if err then
		chunk, err = load_code(line)
	end
	if not err then
170
171
172
		return chunk()
	else
		error(err)
173
174
175
	end
end

176
177
178
179
-- Pretty printing
function table_print (tt, indent, done)
	done = done or {}
	indent = indent or 0
180
	result = ""
181
182
183
184
185
186
187
188
189
190
191
192
193
	-- Convert to printable string (escape unprintable)
	local function printable(value)
		value = tostring(value)
		local bytes = {}
		for i = 1, #value do
			local c = string.byte(value, i)
			if c >= 0x20 and c < 0x7f then table.insert(bytes, string.char(c))
			else                           table.insert(bytes, '\\'..tostring(c))
			end
			if i > 50 then table.insert(bytes, '...') break end
		end
		return table.concat(bytes)
	end
194
195
	if type(tt) == "table" then
		for key, value in pairs (tt) do
196
			result = result .. string.rep (" ", indent)
197
198
			if type (value) == "table" and not done [value] then
				done [value] = true
199
				result = result .. string.format("[%s] => {\n", printable (key))
200
				result = result .. table_print (value, indent + 4, done)
201
202
				result = result .. string.rep (" ", indent)
				result = result .. "}\n"
203
			else
204
				result = result .. string.format("[%s] => %s\n",
205
				         tostring (key), printable(value))
206
207
208
			end
		end
	else
209
		result = result .. tostring(tt) .. "\n"
210
	end
211
	return result
Marek Vavruša's avatar
Marek Vavruša committed
212
end