mirror of
https://github.com/ShadowKatStudios/OC-Minitel.git
synced 2024-11-23 10:38:05 +11:00
added basic ACLs for the RPC library
This commit is contained in:
parent
f0527243b4
commit
2363890151
@ -6,6 +6,7 @@ local rpcf = {}
|
|||||||
local rpcrunning = false
|
local rpcrunning = false
|
||||||
local rpc = {}
|
local rpc = {}
|
||||||
rpc.port = 111
|
rpc.port = 111
|
||||||
|
|
||||||
function rpc.call(hostname,fn,...)
|
function rpc.call(hostname,fn,...)
|
||||||
if hostname == "localhost" then
|
if hostname == "localhost" then
|
||||||
return rpcf[fn](...)
|
return rpcf[fn](...)
|
||||||
@ -39,19 +40,37 @@ function rpc.proxy(hostname,filter)
|
|||||||
return rt
|
return rt
|
||||||
end
|
end
|
||||||
|
|
||||||
|
local function setacl(self, fname, host)
|
||||||
|
self[fname] = self[fname] or {}
|
||||||
|
self[fname][host] = true
|
||||||
|
end
|
||||||
|
rpc.allow = setmetatable({},{__call=setacl})
|
||||||
|
rpc.deny = setmetatable({},{__call=setacl})
|
||||||
|
|
||||||
|
local function isPermitted(host,fn)
|
||||||
|
if rpc.allow[fn] then
|
||||||
|
return rpc.allow[fn][host] or false
|
||||||
|
end
|
||||||
|
if rpc.deny[fn] and rpc.deny[fn][host] then
|
||||||
|
return false
|
||||||
|
end
|
||||||
|
return true
|
||||||
|
end
|
||||||
|
|
||||||
function rpc.register(name,fn)
|
function rpc.register(name,fn)
|
||||||
if not rpcrunning then
|
if not rpcrunning then
|
||||||
event.listen("net_msg",function(_, from, port, data)
|
event.listen("net_msg",function(_, from, port, data)
|
||||||
if port == rpc.port then
|
if port == rpc.port then
|
||||||
local rpcrq = serial.unserialize(data)
|
local rpcrq = serial.unserialize(data)
|
||||||
local rpcn, rpcid = table.remove(rpcrq,1), table.remove(rpcrq,1)
|
local rpcn, rpcid = table.remove(rpcrq,1), table.remove(rpcrq,1)
|
||||||
if rpcf[rpcn] then
|
if rpcf[rpcn] and isPermitted(from,rpcn) then
|
||||||
local rt = {pcall(rpcf[rpcn],table.unpack(rpcrq))}
|
local rt = {pcall(rpcf[rpcn],table.unpack(rpcrq))}
|
||||||
if rt[1] == true then
|
if rt[1] == true then
|
||||||
table.remove(rt,1)
|
table.remove(rt,1)
|
||||||
end
|
end
|
||||||
minitel.send(from,port,serial.serialize({rpcid,table.unpack(rt)}))
|
minitel.send(from,port,serial.serialize({rpcid,table.unpack(rt)}))
|
||||||
else
|
else
|
||||||
|
minitel.send(from,port,serial.serialize({rpcid,false,"function unavailable"}))
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end)
|
end)
|
||||||
@ -67,5 +86,4 @@ function rpc.register(name,fn)
|
|||||||
rpcf[name] = fn
|
rpcf[name] = fn
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
||||||
return rpc
|
return rpc
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
# RPC
|
# RPC
|
||||||
Minitel Remote Procedure Call Library
|
Minitel Remote Procedure Call Library for OpenOS
|
||||||
|
|
||||||
## API
|
## API
|
||||||
In all instances, if *hostname* is replaced with *localhost*, an attempt will be made to call the registered procedure on the local machine.
|
In all instances, if *hostname* is replaced with *localhost*, an attempt will be made to call the registered procedure on the local machine.
|
||||||
@ -13,7 +13,23 @@ Return a table containing the functions on *hostname* matching *filter*, which i
|
|||||||
### rpc.register(*name*, *function*)
|
### rpc.register(*name*, *function*)
|
||||||
Registers *function* as the RPC call for *name* on the current host.
|
Registers *function* as the RPC call for *name* on the current host.
|
||||||
|
|
||||||
|
### rpc.allow(*fname*, *hostname*)
|
||||||
|
Adds *hostname* to the list of remote hosts allowed to execute the function *fname*.
|
||||||
|
|
||||||
|
## Access control
|
||||||
|
Access control is implemented by way of an "allow" list and a "deny" list. Any function lacking both lists will default to the function being available to all hosts.
|
||||||
|
|
||||||
|
Any entries in the 'allow' list for a function will disable access for any but those in the allow list.
|
||||||
|
|
||||||
|
Entries in the 'deny' list will result in the hosts in said list being denied, but other hosts are allowed. This will not override the 'allow' list.
|
||||||
|
|
||||||
## Variables
|
## Variables
|
||||||
|
|
||||||
### rpc.port = 111
|
### rpc.port = 111
|
||||||
Port to use for RPC calls and registration.
|
Port to use for RPC calls and registration.
|
||||||
|
|
||||||
|
### rpc.allow = {}
|
||||||
|
Table containing the allow lists of exported functions. Contents subject to change.
|
||||||
|
|
||||||
|
### rpc.deny = {}
|
||||||
|
Table containing the deny lists of exported functions. Contents subject to change.
|
||||||
|
Loading…
Reference in New Issue
Block a user