Enable Lua packages and Lua C packages

darkdreamingdan · darkdreamingdan · commit 0613d87b1210 · 2016-08-11T13:47:03.000+01:00
The 'require' function is enabled to load Lua and Lua C
packages/modules.  package.loaded and package.seeall have also been
reactivated.

Pure Lua modules must be placed correctly in either:
&lt;resource&gt;/?.lua
&lt;resource&gt;/?/init.lua

Lua C Modules must be placed in:
/server/mods/deathmatch/modules/?.dll

To easily test or use modules for Windows: Download and install Lua for
Windows.  Copy contents of C:\Program Files (x86)\Lua\5.1\clibs into
/server/mods/deathmatch/modules.  Use e.g. require"lfs"

Considerations:
1) vulnerable to debug library (debug.getregistry)
2) no ACL implementation
diff --git a/Server/mods/deathmatch/logic/lua/CLuaMain.cpp b/Server/mods/deathmatch/logic/lua/CLuaMain.cpp
@@ -63,6 +63,7 @@ CLuaMain::CLuaMain ( CLuaManager* pLuaManager,
 
     m_bEnableOOP = bEnableOOP;
 
+    m_iPackageRef = -1;
 
     CPerfStatLuaMemory::GetSingleton ()->OnLuaMainCreate ( this );
     CPerfStatLuaTiming::GetSingleton ()->OnLuaMainCreate ( this );
@@ -126,13 +127,33 @@ void CLuaMain::InitSecurity ( void )
 {
     lua_register ( m_luaVM, "dofile", CLuaUtilDefs::DisabledFunction );
     lua_register ( m_luaVM, "loadfile", CLuaUtilDefs::DisabledFunction );
-    lua_register ( m_luaVM, "require", CLuaUtilDefs::DisabledFunction );
-    lua_register ( m_luaVM, "loadlib", CLuaUtilDefs::DisabledFunction );
     lua_register ( m_luaVM, "getfenv", CLuaUtilDefs::DisabledFunction );
     lua_register ( m_luaVM, "newproxy", CLuaUtilDefs::DisabledFunction );
 }
 
 
+void CLuaMain::InitPackageSecurity(void)
+{
+    // Grab our original package library
+    lua_getglobal(m_luaVM, "package");                          // stack: [tbl_package]
+
+    // Create a new package library, with only whitelisted functions
+    lua_newtable(m_luaVM);                                      // stack: [tbl_package,tbl_new]
+    std::vector<const char*> szWhitelist = { "loaded", "seeall" };
+    for (auto it = szWhitelist.begin(); it != szWhitelist.end(); it++)
+    {
+        lua_pushstring(m_luaVM, *it);                           // stack: [tbl_package,tbl_new,"loaded"]
+        lua_pushstring(m_luaVM, *it);                           // stack: [tbl_package,tbl_new,"loaded","loaded"]
+        lua_gettable(m_luaVM, -4);                              // stack: [tbl_package,tbl_new,"loaded",package.loaded]
+        lua_settable(m_luaVM, -3);                              // stack: [tbl_package,tbl_new]
+    }
+    lua_setglobal(m_luaVM, "package");                          // stack: [tbl_package]
+    
+    // Keep the original package library safe in the registry
+    m_iPackageRef = luaL_ref(m_luaVM, LUA_REGISTRYINDEX);       // stack: []
+}
+
+
 void CLuaMain::InitClasses ( lua_State* luaVM )
 {
     lua_initclasses             ( luaVM );
@@ -185,13 +206,27 @@ void CLuaMain::InitVM ( void )
     lua_sethook ( m_luaVM, InstructionCountHook, LUA_MASKCOUNT, HOOK_INSTRUCTION_COUNT );
 
     // Load LUA libraries
-    luaopen_base ( m_luaVM );
-    luaopen_math ( m_luaVM );
-    luaopen_string ( m_luaVM );
-    luaopen_table ( m_luaVM );
-    luaopen_debug ( m_luaVM );
-    luaopen_utf8 ( m_luaVM );
-
+    const luaL_Reg lualibs[] = {
+        { "", luaopen_base },
+        { LUA_LOADLIBNAME, luaopen_package },
+        { LUA_TABLIBNAME, luaopen_table },
+        { LUA_STRLIBNAME, luaopen_string },
+        { LUA_MATHLIBNAME, luaopen_math },
+        { LUA_DBLIBNAME, luaopen_debug },
+        { "utf8", luaopen_utf8 },
+        { NULL, NULL }
+    };
+
+    const luaL_Reg *lib = lualibs;
+    for (; lib->func; lib++) {
+        lua_pushcfunction(m_luaVM, lib->func);
+        lua_pushstring(m_luaVM, lib->name);
+        lua_call(m_luaVM, 1, 0);
+    }
+   
+    // Initialize our customized 'package' library with restricted functions
+    InitPackageSecurity ();
+    
     // Initialize security restrictions. Very important to prevent lua trojans and viruses!
     InitSecurity ();
 
@@ -686,3 +721,39 @@ int CLuaMain::OnUndump( const char* p, size_t n )
     }
     return 1;
 }
+
+
+///////////////////////////////////////////////////////////////
+//
+// CLuaMain::SetPackagePaths
+//
+// Sets module directories for pure lua and C lua modules
+//
+///////////////////////////////////////////////////////////////
+bool CLuaMain::SetPackagePaths(SString strPath, SString strCPath)
+{
+    if (!m_luaVM || m_iPackageRef < 0 )
+        return false;
+
+    // Setup our wildcards for searching
+    strPath = PathJoin(strPath, "?.lua") + ";" + PathJoin(strPath, "?/init.lua");
+
+#ifdef WIN32
+    strCPath = PathJoin(strCPath, "?.dll");
+#else
+    strCPath = PathJoin(strCPath, "?.so");
+#endif
+
+    // Overwrite our path variable function from the registry (saved earlier)
+    lua_rawgeti(m_luaVM, LUA_REGISTRYINDEX, m_iPackageRef);         // stack: [tbl_hiddenPackage]
+    lua_pushstring(m_luaVM, "path");                                // stack: [tbl_hiddenPackage,"path"]
+    lua_pushstring(m_luaVM, strPath.c_str());                       // stack: [tbl_hiddenPackage,"path","C:/someresource/?.lua"]
+    lua_settable(m_luaVM, -3);                                      // stack: [tbl_hiddenPackage]
+
+    lua_pushstring(m_luaVM, "cpath");                               // stack: [tbl_hiddenPackage,"cpath"]
+    lua_pushstring(m_luaVM, strCPath.c_str());                      // stack: [tbl_hiddenPackage,"cpath","C:/somemodules/?.dll"]
+    lua_settable(m_luaVM, -3);                                      // stack: [tbl_hiddenPackage]
+    lua_pop(m_luaVM, -1);                                           // stack: []
+
+    return true;
+}
diff --git a/Server/mods/deathmatch/logic/lua/CLuaMain.h b/Server/mods/deathmatch/logic/lua/CLuaMain.h
@@ -120,8 +120,11 @@ class CLuaMain //: public CClient
     static int                      LuaLoadBuffer           ( lua_State *L, const char *buff, size_t sz, const char *name );
     static int                      OnUndump                ( const char* p, size_t n );
 
+    bool                            SetPackagePaths         ( SString strPath, SString strCPath );
+
 private:
     void                            InitSecurity            ( void );
+    void                            InitPackageSecurity     ( void );
     void                            InitClasses             ( lua_State* luaVM );
 
 public:
@@ -134,6 +137,7 @@ class CLuaMain //: public CClient
     SString                         m_strScriptName;
 
     lua_State*                      m_luaVM;
+    int                             m_iPackageRef;
     CLuaTimerManager*               m_pLuaTimerManager;
 
     class CResource*                m_pResource;
diff --git a/Server/mods/deathmatch/logic/lua/CLuaManager.cpp b/Server/mods/deathmatch/logic/lua/CLuaManager.cpp
@@ -76,7 +76,10 @@ CLuaMain * CLuaManager::CreateVirtualMachine ( CResource* pResourceOwner, bool b
     CLuaMain * pLuaMain = new CLuaMain ( this, m_pObjectManager, m_pPlayerManager, m_pVehicleManager, m_pBlipManager, m_pRadarAreaManager, m_pMapManager, pResourceOwner, bEnableOOP );
     m_virtualMachines.push_back ( pLuaMain );
     pLuaMain->InitVM ();
-
+    pLuaMain->SetPackagePaths(
+            pResourceOwner->IsResourceZip() ? pResourceOwner->GetResourceCacheDirectoryPath() : pResourceOwner->GetResourceDirectoryPath(),
+            PathJoin(g_pServerInterface->GetModManager()->GetServerPath(), SERVER_BIN_PATH_MOD, "modules")
+        );
     m_pLuaModuleManager->RegisterFunctions ( pLuaMain->GetVirtualMachine() );
 
     return pLuaMain;
