lemonldap-ng/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Main/Jail.pm

package Lemonldap::NG::Handler::Main::Jail;

use strict;

use Safe;
use Lemonldap::NG::Common::Safelib;    #link protected safe Safe object
use constant SAFEWRAP => ( Safe->can("wrap_code_ref") ? 1 : 0 );
use Mouse;
use Lemonldap::NG::Handler::Main::Logger;

has customFunctions => ( is => 'rw', isa => 'Maybe[Str]' );

has useSafeJail => ( is => 'rw', isa => 'Maybe[Int]' );

has jail => ( is => 'rw' );

our $VERSION = '1.4.0';

use Lemonldap::NG::Handler::Main '$datas';
use Lemonldap::NG::Handler::API ':functions';

## @imethod protected build_jail()
# Build and return the security jail used to compile rules and headers.
# @return Safe object
sub build_jail {
    my $self = shift;

    return $self->jail
      if ( $self->jail
        && $self->jail->useSafeJail == $self->useSafeJail
        && $self->jail->customFunctions == $self->customFunctions );

    $self->useSafeJail(1) unless defined $self->useSafeJail;

    my @t =
      $self->customFunctions ? split( /\s+/, $self->customFunctions ) : ();
    foreach (@t) {
        Lemonldap::NG::Handler::Main::Logger->lmLog( "Custom function : $_",
            'debug' );
        my $sub = $_;
        unless (/::/) {
            $sub = "$self\::$_";
        }
        else {
            s/^.*:://;
        }
        next if ( $self->can($_) );
        eval "sub $_ {
            my \$r = shift;
            my \$uri = Lemonldap::NG::Handler::API->uri_with_args(\$r);
            return $sub(\$uri, \$r, \@_)
            }";
        Lemonldap::NG::Handler::Main::Logger->lmLog( $@, 'error' ) if ($@);
    }

    if ( $self->useSafeJail ) {
        $self->jail( Safe->new );
        $self->jail->share_from( 'main', ['%ENV'] );
    }
    else {
        $self->jail($self);
    }

    # Share objects with Safe jail
    $self->jail->share_from( 'Lemonldap::NG::Common::Safelib',
        $Lemonldap::NG::Common::Safelib::functions );

    $self->jail->share_from( 'Lemonldap::NG::Handler::Main', ['$datas'] );
    $self->jail->share_from(
        'Lemonldap::NG::Handler::API',
        [
            qw( &hostname &remote_ip &uri &uri_with_args
              &unparsed_uri &args &method &header_in   )
        ]
    );
    $self->jail->share(@t);
    $self->jail->share_from( 'MIME::Base64', ['&encode_base64'] );

    return $self->jail;
}

## @method reval
# Fake reval method if useSafeJail is off
sub reval {
    my ( $self, $e ) = @_;
    return eval $e;
}

## @method wrap_code_ref
# Fake wrap_code_ref method if useSafeJail is off
sub wrap_code_ref {
    my ( $self, $e ) = @_;
    return $e;
}

## @method share
# Fake share method if useSafeJail is off
sub share {
    my ( $self, @vars ) = @_;
    $self->share_from( scalar(caller), \@vars );
}

## @method share_from
# Fake share_from method if useSafeJail is off
sub share_from {
    my ( $self, $pkg, $vars ) = @_;

    no strict 'refs';
    foreach my $arg (@$vars) {
        my ( $var, $type );
        $type = $1 if ( $var = $arg ) =~ s/^(\W)//;
        for ( 1 .. 2 ) {    # assign twice to avoid any 'used once' warnings
            *{$var} =
                ( !$type )       ? \&{ $pkg . "::$var" }
              : ( $type eq '&' ) ? \&{ $pkg . "::$var" }
              : ( $type eq '$' ) ? \${ $pkg . "::$var" }
              : ( $type eq '@' ) ? \@{ $pkg . "::$var" }
              : ( $type eq '%' ) ? \%{ $pkg . "::$var" }
              : ( $type eq '*' ) ? *{ $pkg . "::$var" }
              :                    undef;
        }
    }
}

## @imethod protected jail_reval()
# Build and return restricted eval command with SAFEWRAP, if activated
# @return evaluation of $reval or $reval2
sub jail_reval {
    my ( $self, $reval ) = @_;

    # if nothing is returned by reval, add the return statement to
    # the "no safe wrap" reval
    my $nosw_reval = $reval;
    if ( $reval !~ /^sub\{return\(.*\}$/ ) {
        $nosw_reval =~ s/^sub\{(.*)\}$/sub{return($1)}/;
    }

    return (
        SAFEWRAP
        ? $self->jail->wrap_code_ref( $self->jail->reval($reval) )
        : $self->jail->reval($nosw_reval)
    );

}

1;
-												- Merging branch lemonldap-ng-experimental/Handler-Mouse with with trunk
code impacted:
* lemonldap-ng-handler/*: handler code,
* lemonldap-ng-handler/example/*.pm: handler aliases to libraries,
* _example/etc/*.conf: virtual host templates
(references #630, #LEMONLDAP-386)

(second part of incomplete r3251 commit)




											
										
										
											2014-03-13 16:07:36 +01:00
+								package Lemonldap::NG::Handler::Main::Jail;
 								use strict;
 								use Safe;
 								use Lemonldap::NG::Common::Safelib;    #link protected safe Safe object
 								use constant SAFEWRAP => ( Safe->can("wrap_code_ref") ? 1 : 0 );
 								use Mouse;
 								use Lemonldap::NG::Handler::Main::Logger;
 								has customFunctions => ( is => 'rw', isa => 'Maybe[Str]' );
 								has useSafeJail => ( is => 'rw', isa => 'Maybe[Int]' );
-												Handler Jail: attribute "safe" renamed into "jail" (#729)




											
										
										
											2014-07-07 11:54:13 +02:00
+								has jail => ( is => 'rw' );
-												- Merging branch lemonldap-ng-experimental/Handler-Mouse with with trunk
code impacted:
* lemonldap-ng-handler/*: handler code,
* lemonldap-ng-handler/example/*.pm: handler aliases to libraries,
* _example/etc/*.conf: virtual host templates
(references #630, #LEMONLDAP-386)

(second part of incomplete r3251 commit)




											
										
										
											2014-03-13 16:07:36 +01:00
-												pass $apacheRequest object to functions in parameters
instead of as a global var (#630)




											
										
										
											2014-05-23 12:23:51 +02:00
+								our $VERSION = '1.4.0';
-												- Merging branch lemonldap-ng-experimental/Handler-Mouse with with trunk
code impacted:
* lemonldap-ng-handler/*: handler code,
* lemonldap-ng-handler/example/*.pm: handler aliases to libraries,
* _example/etc/*.conf: virtual host templates
(references #630, #LEMONLDAP-386)

(second part of incomplete r3251 commit)




											
										
										
											2014-03-13 16:07:36 +01:00
-												Handler: Add functions in jail to get request data (#633)




											
										
										
											2014-07-04 10:36:38 +02:00
+								use Lemonldap::NG::Handler::Main '$datas';
 								use Lemonldap::NG::Handler::API ':functions';
-												- Merging branch lemonldap-ng-experimental/Handler-Mouse with with trunk
code impacted:
* lemonldap-ng-handler/*: handler code,
* lemonldap-ng-handler/example/*.pm: handler aliases to libraries,
* _example/etc/*.conf: virtual host templates
(references #630, #LEMONLDAP-386)

(second part of incomplete r3251 commit)




											
										
										
											2014-03-13 16:07:36 +01:00
-												Handler Jail: attribute "safe" renamed into "jail" (#729)




											
										
										
											2014-07-07 11:54:13 +02:00
+								## @imethod protected build_jail()
-												- Merging branch lemonldap-ng-experimental/Handler-Mouse with with trunk
code impacted:
* lemonldap-ng-handler/*: handler code,
* lemonldap-ng-handler/example/*.pm: handler aliases to libraries,
* _example/etc/*.conf: virtual host templates
(references #630, #LEMONLDAP-386)

(second part of incomplete r3251 commit)




											
										
										
											2014-03-13 16:07:36 +01:00
+								# Build and return the security jail used to compile rules and headers.
 								# @return Safe object
-												Handler Jail: attribute "safe" renamed into "jail" (#729)




											
										
										
											2014-07-07 11:54:13 +02:00
+								sub build_jail {
-												- Merging branch lemonldap-ng-experimental/Handler-Mouse with with trunk
code impacted:
* lemonldap-ng-handler/*: handler code,
* lemonldap-ng-handler/example/*.pm: handler aliases to libraries,
* _example/etc/*.conf: virtual host templates
(references #630, #LEMONLDAP-386)

(second part of incomplete r3251 commit)




											
										
										
											2014-03-13 16:07:36 +01:00
+								    my $self = shift;
-												Handler Jail: attribute "safe" renamed into "jail" (#729)




											
										
										
											2014-07-07 11:54:13 +02:00
+								    return $self->jail
 								      if ( $self->jail
 								        && $self->jail->useSafeJail == $self->useSafeJail
 								        && $self->jail->customFunctions == $self->customFunctions );
-												- Merging branch lemonldap-ng-experimental/Handler-Mouse with with trunk
code impacted:
* lemonldap-ng-handler/*: handler code,
* lemonldap-ng-handler/example/*.pm: handler aliases to libraries,
* _example/etc/*.conf: virtual host templates
(references #630, #LEMONLDAP-386)

(second part of incomplete r3251 commit)




											
										
										
											2014-03-13 16:07:36 +01:00
 								    $self->useSafeJail(1) unless defined $self->useSafeJail;
 								    my @t =
 								      $self->customFunctions ? split( /\s+/, $self->customFunctions ) : ();
 								    foreach (@t) {
 								        Lemonldap::NG::Handler::Main::Logger->lmLog( "Custom function : $_",
 								            'debug' );
 								        my $sub = $_;
 								        unless (/::/) {
 								            $sub = "$self\::$_";
 								        }
 								        else {
 								            s/^.*:://;
 								        }
 								        next if ( $self->can($_) );
 								        eval "sub $_ {
-												Handler: Rename vars $apacheRequest and $mess into $r and $msg (#630)




											
										
										
											2014-06-19 19:53:04 +02:00
+								            my \$r = shift;
 								            my \$uri = Lemonldap::NG::Handler::API->uri_with_args(\$r);
 								            return $sub(\$uri, \$r, \@_)
-												- Merging branch lemonldap-ng-experimental/Handler-Mouse with with trunk
code impacted:
* lemonldap-ng-handler/*: handler code,
* lemonldap-ng-handler/example/*.pm: handler aliases to libraries,
* _example/etc/*.conf: virtual host templates
(references #630, #LEMONLDAP-386)

(second part of incomplete r3251 commit)




											
										
										
											2014-03-13 16:07:36 +01:00
+								            }";
 								        Lemonldap::NG::Handler::Main::Logger->lmLog( $@, 'error' ) if ($@);
 								    }
 								    if ( $self->useSafeJail ) {
-												Handler Jail: attribute "safe" renamed into "jail" (#729)




											
										
										
											2014-07-07 11:54:13 +02:00
+								        $self->jail( Safe->new );
 								        $self->jail->share_from( 'main', ['%ENV'] );
-												- Merging branch lemonldap-ng-experimental/Handler-Mouse with with trunk
code impacted:
* lemonldap-ng-handler/*: handler code,
* lemonldap-ng-handler/example/*.pm: handler aliases to libraries,
* _example/etc/*.conf: virtual host templates
(references #630, #LEMONLDAP-386)

(second part of incomplete r3251 commit)




											
										
										
											2014-03-13 16:07:36 +01:00
+								    }
 								    else {
-												Handler Jail: attribute "safe" renamed into "jail" (#729)




											
										
										
											2014-07-07 11:54:13 +02:00
+								        $self->jail($self);
-												- Merging branch lemonldap-ng-experimental/Handler-Mouse with with trunk
code impacted:
* lemonldap-ng-handler/*: handler code,
* lemonldap-ng-handler/example/*.pm: handler aliases to libraries,
* _example/etc/*.conf: virtual host templates
(references #630, #LEMONLDAP-386)

(second part of incomplete r3251 commit)




											
										
										
											2014-03-13 16:07:36 +01:00
+								    }
 								    # Share objects with Safe jail
-												Handler Jail: attribute "safe" renamed into "jail" (#729)




											
										
										
											2014-07-07 11:54:13 +02:00
+								    $self->jail->share_from( 'Lemonldap::NG::Common::Safelib',
-												- Merging branch lemonldap-ng-experimental/Handler-Mouse with with trunk
code impacted:
* lemonldap-ng-handler/*: handler code,
* lemonldap-ng-handler/example/*.pm: handler aliases to libraries,
* _example/etc/*.conf: virtual host templates
(references #630, #LEMONLDAP-386)

(second part of incomplete r3251 commit)




											
										
										
											2014-03-13 16:07:36 +01:00
+								        $Lemonldap::NG::Common::Safelib::functions );
-												Handler Jail: attribute "safe" renamed into "jail" (#729)




											
										
										
											2014-07-07 11:54:13 +02:00
+								    $self->jail->share_from( 'Lemonldap::NG::Handler::Main', ['$datas'] );
 								    $self->jail->share_from(
-												Handler: Ensure that new jail is consistent with its attributes (#729)




											
										
										
											2014-07-07 11:36:54 +02:00
+								        'Lemonldap::NG::Handler::API',
 								        [
 								            qw( &hostname &remote_ip &uri &uri_with_args
 								              &unparsed_uri &args &method &header_in   )
 								        ]
 								    );
-												Handler Jail: attribute "safe" renamed into "jail" (#729)




											
										
										
											2014-07-07 11:54:13 +02:00
+								    $self->jail->share(@t);
 								    $self->jail->share_from( 'MIME::Base64', ['&encode_base64'] );
-												- Merging branch lemonldap-ng-experimental/Handler-Mouse with with trunk
code impacted:
* lemonldap-ng-handler/*: handler code,
* lemonldap-ng-handler/example/*.pm: handler aliases to libraries,
* _example/etc/*.conf: virtual host templates
(references #630, #LEMONLDAP-386)

(second part of incomplete r3251 commit)




											
										
										
											2014-03-13 16:07:36 +01:00
-												Handler Jail: attribute "safe" renamed into "jail" (#729)




											
										
										
											2014-07-07 11:54:13 +02:00
+								    return $self->jail;
-												- Merging branch lemonldap-ng-experimental/Handler-Mouse with with trunk
code impacted:
* lemonldap-ng-handler/*: handler code,
* lemonldap-ng-handler/example/*.pm: handler aliases to libraries,
* _example/etc/*.conf: virtual host templates
(references #630, #LEMONLDAP-386)

(second part of incomplete r3251 commit)




											
										
										
											2014-03-13 16:07:36 +01:00
+								}
 								## @method reval
 								# Fake reval method if useSafeJail is off
 								sub reval {
-												Replace 'splice' by copy (Closes: #534)


											
										
										
											2016-01-02 10:29:05 +01:00
+								    my ( $self, $e ) = @_;
-												- Merging branch lemonldap-ng-experimental/Handler-Mouse with with trunk
code impacted:
* lemonldap-ng-handler/*: handler code,
* lemonldap-ng-handler/example/*.pm: handler aliases to libraries,
* _example/etc/*.conf: virtual host templates
(references #630, #LEMONLDAP-386)

(second part of incomplete r3251 commit)




											
										
										
											2014-03-13 16:07:36 +01:00
+								    return eval $e;
 								}
 								## @method wrap_code_ref
 								# Fake wrap_code_ref method if useSafeJail is off
 								sub wrap_code_ref {
-												Replace 'splice' by copy (Closes: #534)


											
										
										
											2016-01-02 10:29:05 +01:00
+								    my ( $self, $e ) = @_;
-												- Merging branch lemonldap-ng-experimental/Handler-Mouse with with trunk
code impacted:
* lemonldap-ng-handler/*: handler code,
* lemonldap-ng-handler/example/*.pm: handler aliases to libraries,
* _example/etc/*.conf: virtual host templates
(references #630, #LEMONLDAP-386)

(second part of incomplete r3251 commit)




											
										
										
											2014-03-13 16:07:36 +01:00
+								    return $e;
 								}
 								## @method share
 								# Fake share method if useSafeJail is off
 								sub share {
-												Replace 'splice' by copy (Closes: #534)


											
										
										
											2016-01-02 10:29:05 +01:00
+								    my ( $self, @vars ) = @_;
-												- Merging branch lemonldap-ng-experimental/Handler-Mouse with with trunk
code impacted:
* lemonldap-ng-handler/*: handler code,
* lemonldap-ng-handler/example/*.pm: handler aliases to libraries,
* _example/etc/*.conf: virtual host templates
(references #630, #LEMONLDAP-386)

(second part of incomplete r3251 commit)




											
										
										
											2014-03-13 16:07:36 +01:00
+								    $self->share_from( scalar(caller), \@vars );
 								}
 								## @method share_from
 								# Fake share_from method if useSafeJail is off
 								sub share_from {
-												Replace 'splice' by copy (Closes: #534)


											
										
										
											2016-01-02 10:29:05 +01:00
+								    my ( $self, $pkg, $vars ) = @_;
-												- Merging branch lemonldap-ng-experimental/Handler-Mouse with with trunk
code impacted:
* lemonldap-ng-handler/*: handler code,
* lemonldap-ng-handler/example/*.pm: handler aliases to libraries,
* _example/etc/*.conf: virtual host templates
(references #630, #LEMONLDAP-386)

(second part of incomplete r3251 commit)




											
										
										
											2014-03-13 16:07:36 +01:00
 								    no strict 'refs';
 								    foreach my $arg (@$vars) {
 								        my ( $var, $type );
 								        $type = $1 if ( $var = $arg ) =~ s/^(\W)//;
 								        for ( 1 .. 2 ) {    # assign twice to avoid any 'used once' warnings
 								            *{$var} =
-												make tidy on all files


											
										
										
											2015-03-10 16:07:33 +01:00
+								                ( !$type )       ? \&{ $pkg . "::$var" }
-												- Merging branch lemonldap-ng-experimental/Handler-Mouse with with trunk
code impacted:
* lemonldap-ng-handler/*: handler code,
* lemonldap-ng-handler/example/*.pm: handler aliases to libraries,
* _example/etc/*.conf: virtual host templates
(references #630, #LEMONLDAP-386)

(second part of incomplete r3251 commit)




											
										
										
											2014-03-13 16:07:36 +01:00
+								              : ( $type eq '&' ) ? \&{ $pkg . "::$var" }
 								              : ( $type eq '$' ) ? \${ $pkg . "::$var" }
 								              : ( $type eq '@' ) ? \@{ $pkg . "::$var" }
 								              : ( $type eq '%' ) ? \%{ $pkg . "::$var" }
 								              : ( $type eq '*' ) ? *{ $pkg . "::$var" }
 								              :                    undef;
 								        }
 								    }
 								}
 								## @imethod protected jail_reval()
 								# Build and return restricted eval command with SAFEWRAP, if activated
 								# @return evaluation of $reval or $reval2
 								sub jail_reval {
-												Replace 'splice' by copy (Closes: #534)


											
										
										
											2016-01-02 10:29:05 +01:00
+								    my ( $self, $reval ) = @_;
-												- Merging branch lemonldap-ng-experimental/Handler-Mouse with with trunk
code impacted:
* lemonldap-ng-handler/*: handler code,
* lemonldap-ng-handler/example/*.pm: handler aliases to libraries,
* _example/etc/*.conf: virtual host templates
(references #630, #LEMONLDAP-386)

(second part of incomplete r3251 commit)




											
										
										
											2014-03-13 16:07:36 +01:00
-												make tidy


											
										
										
											2014-06-08 12:04:50 +02:00
+								    # if nothing is returned by reval, add the return statement to
-- fix commit 3268: the jail_reval function must handle more cases
(references #630)




											
										
										
											2014-03-17 15:38:22 +01:00
+								    # the "no safe wrap" reval
 								    my $nosw_reval = $reval;
 								    if ( $reval !~ /^sub\{return\(.*\}$/ ) {
-												Avoid 'Unescaped left brace in regex is deprecated' warning


											
										
										
											2015-12-26 11:49:15 +01:00
+								        $nosw_reval =~ s/^sub\{(.*)\}$/sub{return($1)}/;
-- fix commit 3268: the jail_reval function must handle more cases
(references #630)




											
										
										
											2014-03-17 15:38:22 +01:00
+								    }
-												- Merging branch lemonldap-ng-experimental/Handler-Mouse with with trunk
code impacted:
* lemonldap-ng-handler/*: handler code,
* lemonldap-ng-handler/example/*.pm: handler aliases to libraries,
* _example/etc/*.conf: virtual host templates
(references #630, #LEMONLDAP-386)

(second part of incomplete r3251 commit)




											
										
										
											2014-03-13 16:07:36 +01:00
+								    return (
 								        SAFEWRAP
-												Handler Jail: attribute "safe" renamed into "jail" (#729)




											
										
										
											2014-07-07 11:54:13 +02:00
+								        ? $self->jail->wrap_code_ref( $self->jail->reval($reval) )
 								        : $self->jail->reval($nosw_reval)
-												- Merging branch lemonldap-ng-experimental/Handler-Mouse with with trunk
code impacted:
* lemonldap-ng-handler/*: handler code,
* lemonldap-ng-handler/example/*.pm: handler aliases to libraries,
* _example/etc/*.conf: virtual host templates
(references #630, #LEMONLDAP-386)

(second part of incomplete r3251 commit)




											
										
										
											2014-03-13 16:07:36 +01:00
+								    );
 								}
 ;