lualoader: Expose loader.parse and add cli_execute_unparsed

This will be used for scenarios where the command to execute is coming in
via the environment (from, for example, loader.conf(5)) and is thus not
necessarily trusted.

cli_execute_unparsed will immediately be used for handling
module_{before,after,error} as well as menu_timeout_command. We still want
to offer these variables the ability to execute Lua-intercepted loader
commands, but we don't want them to be able to execute arbitrary Lua.

Reviewed by:	imp
Differential Revision:	https://reviews.freebsd.org/D14580

2 files changed, 23 insertions, 0 deletions

diff --git a/stand/liblua/lutils.c b/stand/liblua/lutils.c
index 4c7a75ae142f..014edf18ab4b 100644
--- a/stand/liblua/lutils.c
+++ b/stand/liblua/lutils.c
@@ -97,6 +97,24 @@ lua_interpret(lua_State *L)
 }
 
 static int
+lua_parse(lua_State *L)
+{
+	int	argc, nargc;
+	char	**argv;
+
+	if (parse(&argc, &argv, luaL_checkstring(L, 1)) == 0) {
+		for (nargc = 0; nargc < argc; ++nargc) {
+			lua_pushstring(L, argv[nargc]);
+		}
+		free(argv);
+		return nargc;
+	}
+
+	lua_pushnil(L);
+	return 1;
+}
+
+static int
 lua_getchar(lua_State *L)
 {
 
@@ -325,6 +343,7 @@ static const struct luaL_Reg loaderlib[] = {
 	REG_SIMPLE(delay),
 	REG_SIMPLE(command),
 	REG_SIMPLE(interpret),
+	REG_SIMPLE(parse),
 	REG_SIMPLE(getenv),
 	REG_SIMPLE(perform),
 	/* Also registered as the global 'printc' */
diff --git a/stand/lua/cli.lua b/stand/lua/cli.lua
index d6c3a54b9bf9..ac992d9196e1 100644
--- a/stand/lua/cli.lua
+++ b/stand/lua/cli.lua
@@ -94,6 +94,10 @@ function cli_execute(...)
 
 end
 
+function cli.execute_unparsed(str)
+	cli_execute(loader.parse(str))
+end
+
 -- Module exports
 
 function cli.boot(...)