From 110995f13109b656aa05b0a60b4918ca91a63205 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Cl=C3=A9ment=20Oudot?= Date: Wed, 5 Oct 2011 13:18:18 +0000 Subject: [PATCH] Import extended and custom functions with fake jail (#355) --- modules/lemonldap-ng-handler/MANIFEST | 2 + .../lib/Lemonldap/NG/Handler/Simple.pm | 72 ++++++++++++++----- .../t/12-Lemonldap-NG-Handler-Safe.t | 23 ++++++ .../t/13-Lemonldap-NG-Handler-Fake-Safe.t | 21 ++++++ 4 files changed, 99 insertions(+), 19 deletions(-) create mode 100644 modules/lemonldap-ng-handler/t/12-Lemonldap-NG-Handler-Safe.t create mode 100644 modules/lemonldap-ng-handler/t/13-Lemonldap-NG-Handler-Fake-Safe.t diff --git a/modules/lemonldap-ng-handler/MANIFEST b/modules/lemonldap-ng-handler/MANIFEST index d8207fdcb..d69e20cee 100644 --- a/modules/lemonldap-ng-handler/MANIFEST +++ b/modules/lemonldap-ng-handler/MANIFEST @@ -31,6 +31,8 @@ t/02-Lemonldap-NG-Handler-Portal.t t/05-Lemonldap-NG-Handler-Vhost.t t/10-Lemonldap-NG-Handler-SharedConf.t t/11-Lemonldap-NG-Handler-Status.t +t/12-Lemonldap-NG-Handler-Safe.t +t/13-Lemonldap-NG-Handler-Fake-Safe.t t/20-Lemonldap-NG-Handler-CDA.t t/30-Lemonldap-NG-Handler-CGI.t t/40-Lemonldap-NG-Handler-Proxy.t diff --git a/modules/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Simple.pm b/modules/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Simple.pm index 1ad8160cd..75f781e79 100644 --- a/modules/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Simple.pm +++ b/modules/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Simple.pm @@ -28,7 +28,7 @@ use constant SAFEWRAP => ( Safe->can("wrap_code_ref") ? 1 : 0 ); #inherits Apache::Session #link Lemonldap::NG::Common::Apache::Session::SOAP protected globalStorage -our $VERSION = '1.1.0'; +our $VERSION = '1.1.2'; our %EXPORT_TAGS; @@ -317,6 +317,53 @@ sub lmHeaderOut { } } +############################## +# Fake Safe jail subroutines # +############################## + +## @method reval +# Fake reval method if useSafeJail desactivated +sub reval { + my ( $class, $e ) = splice @_; + return eval $e; +} + +## @method wrap_code_ref +# Fake wrap_code_ref method if useSafeJail desactivated +sub wrap_code_ref { + my ( $class, $e ) = splice @_; + return $e; +} + +## @method share +# Fake share method if useSafeJail desactivated +sub share { + my ( $class, @vars ) = splice @_; + $class->share_from( scalar(caller), \@vars ); +} + +## @method share_form +# Fake share_from method if useSafeJail desactivated +sub share_from { + my ( $class, $pkg, $vars ) = splice @_; + + no strict 'refs'; + foreach my $arg (@$vars) { + my ( $var, $type ); + $type = $1 if ( $var = $arg ) =~ s/^(\W)//; + for ( 1 .. 2 ) { # assign twice to avoid any 'used once' warnings + *{$var} = + ( !$type ) ? \&{ $pkg . "::$var" } + : ( $type eq '&' ) ? \&{ $pkg . "::$var" } + : ( $type eq '$' ) ? \${ $pkg . "::$var" } + : ( $type eq '@' ) ? \@{ $pkg . "::$var" } + : ( $type eq '%' ) ? \%{ $pkg . "::$var" } + : ( $type eq '*' ) ? *{ $pkg . "::$var" } + : undef; + } + } +} + ############################## # Initialization subroutines # ############################## @@ -353,32 +400,19 @@ sub safe { if ($useSafeJail) { $safe = new Safe; $safe->share_from( 'main', ['%ENV'] ); - $safe->share_from( 'Lemonldap::NG::Common::Safelib', - $Lemonldap::NG::Common::Safelib::functions ); - $safe->share( '&encode_base64', '$datas', '&portal', '$apacheRequest', - @t ); } else { $safe = $class; } + # Share objets with Safe jail + $safe->share_from( 'Lemonldap::NG::Common::Safelib', + $Lemonldap::NG::Common::Safelib::functions ); + $safe->share( '&encode_base64', '$datas', '&portal', '$apacheRequest', @t ); + return $safe; } -## @method reval -# Fake reval method if useSafeJail desactivated -sub reval { - my ( $class, $e ) = splice @_; - return eval $e; -} - -## @method wrap_code_ref -# Fake wrap_code_ref method if useSafeJail desactivated -sub wrap_code_ref { - my ( $class, $e ) = splice @_; - return $e; -} - ## @imethod void localInit(hashRef args) # Call purgeCache() to purge the local cache, launch the status process # (statusProcess()) in wanted and launch childInit(). diff --git a/modules/lemonldap-ng-handler/t/12-Lemonldap-NG-Handler-Safe.t b/modules/lemonldap-ng-handler/t/12-Lemonldap-NG-Handler-Safe.t new file mode 100644 index 000000000..fc1f5a903 --- /dev/null +++ b/modules/lemonldap-ng-handler/t/12-Lemonldap-NG-Handler-Safe.t @@ -0,0 +1,23 @@ +# Before `make install' is performed this script should be runnable with +# `make test'. After `make install' it should work as `perl Lemonldap-NG-Handler-SharedConf.t' + +######################### + +# change 'tests => 1' to 'tests => last_test_to_print'; + +use Test::More tests => 3; +BEGIN { use_ok('Lemonldap::NG::Handler::Simple') } + +######################### + +# Insert your test code below, the Test::More module is use()ed here so read +# its man page ( perldoc Test::More ) for help writing this test script. + +my $h; +$h = bless {}, 'Lemonldap::NG::Handler::Simple'; + +ok($h->defaultValuesInit({ useSafeJail => 1, }), 'Enabling Safe Jail'); + +my $basic = $h->safe->reval("basic('login','password')"); +ok( ( !defined($basic) or defined($basic)), 'basic extended function can be undef with recent Safe Jail'); + diff --git a/modules/lemonldap-ng-handler/t/13-Lemonldap-NG-Handler-Fake-Safe.t b/modules/lemonldap-ng-handler/t/13-Lemonldap-NG-Handler-Fake-Safe.t new file mode 100644 index 000000000..216de8320 --- /dev/null +++ b/modules/lemonldap-ng-handler/t/13-Lemonldap-NG-Handler-Fake-Safe.t @@ -0,0 +1,21 @@ +# Before `make install' is performed this script should be runnable with +# `make test'. After `make install' it should work as `perl Lemonldap-NG-Handler-SharedConf.t' + +######################### + +# change 'tests => 1' to 'tests => last_test_to_print'; + +use Test::More tests => 3; +BEGIN { use_ok('Lemonldap::NG::Handler::Simple') } + +######################### + +# Insert your test code below, the Test::More module is use()ed here so read +# its man page ( perldoc Test::More ) for help writing this test script. + +my $h; +$h = bless {}, 'Lemonldap::NG::Handler::Simple'; + +ok($h->defaultValuesInit({ useSafeJail => 0, }), 'Disabling Safe Jail'); +like( $h->safe->reval("basic('login','password')"), "/^Basic bG9naW46cGFzc3dvcmQ=/" , 'basic extended function working without Safe Jail'); +