gitlabFork/ISPConfig3.git - Solinfo Gitblit

parent: 4ef653ec | patch | commit | ignore whitespace

Till Brehm

2014-07-31 f2fc77f29ce81b6493ab629e0f8f9da2b3df857d

Improved input validation.

8 files modified

	interface/lib/classes/functions.inc.php	12 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/sites/form/ftp_user.tform.php	5 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/sites/form/shell_user.tform.php	13 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/sites/ftp_user_edit.php	13 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/sites/lib/lang/en_ftp_user.lng	2 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/sites/lib/lang/en_shell_user.lng	3 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/sites/shell_user_edit.php	14 ●●●●● patch \| view \| raw \| blame \| history
	server/lib/classes/system.inc.php	12 ●●●●● patch \| view \| raw \| blame \| history

 interface/lib/classes/functions.inc.php

@@ -427,7 +427,11 @@
    public function is_allowed_user($username, $restrict_names = false) {
        global $app;
        
        if($username == 'root') return false;
        $name_blacklist = array('root','ispconfig','vmail','getmail');
        if(in_array($username,$name_blacklist)) return false;
		
        if(preg_match('/^[\w\.\-]{0,32}$/', $username) == false) return false;
		
        if($restrict_names == true && preg_match('/^web\d+$/', $username) == false) return false;
        
        return true;
@@ -436,7 +440,11 @@
    public function is_allowed_group($groupname, $restrict_names = false) {
        global $app;
        
        if($groupname == 'root') return false;
        $name_blacklist = array('root','ispconfig','vmail','getmail');
        if(in_array($groupname,$name_blacklist)) return false;
		
        if(preg_match('/^[\w\.\-]{0,32}$/', $groupname) == false) return false;
		
        if($restrict_names == true && preg_match('/^client\d+$/', $groupname) == false) return false;
        
        return true;

 interface/web/sites/form/ftp_user.tform.php

@@ -187,7 +187,10 @@
                'datatype'  => 'VARCHAR',
                'formtype'  => 'TEXT',
                'validators'    => array (  0 => array (    'type'  => 'NOTEMPTY',
                        'errmsg'=> 'directory_error_empty'),
                                                            'errmsg'=> 'directory_error_empty'),
                                            1 => array (     'type' => 'REGEX',
                                                            'regex' => '/^\/[a-zA-Z0-9\ \.\-\_\/]{10,128}$/',
                                                            'errmsg'=> 'directory_error_regex'),
                ),
                'default'   => '',
                'value'     => '',

 interface/web/sites/form/shell_user.tform.php

@@ -197,6 +197,12 @@
            'shell' => array (
                'datatype' => 'VARCHAR',
                'formtype' => 'TEXT',
                'validators' => array ( 0 => array (     'type' => 'NOTEMPTY',
                                                        'errmsg'=> 'shell_error_empty'),
                                        1 => array (     'type' => 'REGEX',
                                                            'regex' => '/^\/[a-zA-Z0-9\/]{5,20}$/',
                                                            'errmsg'=> 'shell_error_regex'),
                ),
                'default' => '/bin/bash',
                'value'  => '',
                'width'  => '30',
@@ -205,8 +211,11 @@
            'dir' => array (
                'datatype' => 'VARCHAR',
                'formtype' => 'TEXT',
                'validators' => array (  0 => array ( 'type' => 'NOTEMPTY',
                        'errmsg'=> 'directory_error_empty'),
                'validators' => array ( 0 => array (     'type' => 'NOTEMPTY',
                                                        'errmsg'=> 'directory_error_empty'),
                                        1 => array (     'type' => 'REGEX',
                                                            'regex' => '/^\/[a-zA-Z0-9\ \.\-\_\/]{10,128}$/',
                                                            'errmsg'=> 'directory_error_regex'),
                ),
                'default' => '',
                'value'  => '',

 interface/web/sites/ftp_user_edit.php

@@ -138,6 +138,11 @@
        $dir = $app->db->quote($web["document_root"]);
        $uid = $app->db->quote($web["system_user"]);
        $gid = $app->db->quote($web["system_group"]);
		
        // Check system user and group
        if($app->functions->is_allowed_user($uid) == false || $app->functions->is_allowed_group($gid) == false) {
            $app->error('Invalid system user or group');
        }

        // The FTP user shall be owned by the same group then the website
        $sys_groupid = $app->functions->intval($web['sys_groupid']);
@@ -148,7 +153,15 @@

    function onBeforeUpdate() {
        global $app, $conf, $interfaceConf;
		

        // Check system user and group
        if(isset($this->dataRecord['uid'])) {
            if($app->functions->is_allowed_user(strtolower($this->dataRecord['uid']),true) == false || $app->functions->is_allowed_group(strtolower($this->dataRecord['gid']),true) == false) {
                $app->tform->errorMessage .= $app->tform->lng('invalid_system_user_or_group_txt');
            }
        }
		
        /*
         * If the names should be restricted -> do it!
         */

 interface/web/sites/lib/lang/en_ftp_user.lng

@@ -32,4 +32,6 @@
$wb['repeat_password_txt'] = 'Repeat Password';
$wb['password_mismatch_txt'] = 'The passwords do not match.';
$wb['password_match_txt'] = 'The passwords do match.';
$wb['invalid_system_user_or_group_txt'] = 'Invalid system user or group';
$wb['directory_error_regex'] = 'Invalid directory';
?>

 interface/web/sites/lib/lang/en_shell_user.lng

@@ -28,4 +28,7 @@
$wb['password_match_txt'] = 'The passwords do match.';
$wb['username_must_not_exceed_32_chars_txt'] = 'The username must not exceed 32 characters.';
$wb['username_not_allowed_txt'] = 'The username is not allowed.';
$wb['invalid_system_user_or_group_txt'] = 'Invalid system user or group';
$wb['directory_error_regex'] = 'Invalid directory';
$wb['shell_error_regex'] = 'Invalid shell';
?>

 interface/web/sites/shell_user_edit.php

@@ -135,6 +135,8 @@
            }
        }
        unset($blacklist);
		
        if($app->functions->is_allowed_user(trim(strtolower($this->dataRecord['username']))) == false) $app->tform->errorMessage .= $app->tform->lng('username_not_allowed_txt');

        /*
         * If the names should be restricted -> do it!
@@ -163,6 +165,11 @@
        $dir = $app->db->quote($web["document_root"]);
        $uid = $app->db->quote($web["system_user"]);
        $gid = $app->db->quote($web["system_group"]);
		
        // Check system user and group
        if($app->functions->is_allowed_user($uid) == false || $app->functions->is_allowed_group($gid) == false) {
            $app->error($app->tform->lng('invalid_system_user_or_group_txt'));
        }

        // The FTP user shall be owned by the same group then the website
        $sys_groupid = $app->functions->intval($web['sys_groupid']);
@@ -183,6 +190,13 @@
            }
        }
        unset($blacklist);
		
        // Check system user and group
        if(isset($this->dataRecord['puser'])) {
            if($app->functions->is_allowed_user(strtolower($this->dataRecord['puser']),true) == false || $app->functions->is_allowed_group(strtolower($this->dataRecord['pgroup']),true) == false) {
                $app->tform->errorMessage .= $app->tform->lng('invalid_system_user_or_group_txt');
            }
        }

        /*
         * If the names should be restricted -> do it!

 server/lib/classes/system.inc.php

@@ -1821,7 +1821,11 @@
    public function is_allowed_user($username, $check_id = true, $restrict_names = false) {
        global $app;
        
        if($username == 'root') return false;
        $name_blacklist = array('root','ispconfig','vmail','getmail');
        if(in_array($username,$name_blacklist)) return false;
		
        if(preg_match('/^[\w\.\-]{0,32}$/', $username) == false) return false;
		
        if($check_id && intval($this->getuid($username)) < $this->min_uid) return false;
        
        if($restrict_names == true && preg_match('/^web\d+$/', $username) == false) return false;
@@ -1832,7 +1836,11 @@
    public function is_allowed_group($groupname, $restrict_names = false) {
        global $app;
        
        if($groupname == 'root') return false;
        $name_blacklist = array('root','ispconfig','vmail','getmail');
        if(in_array($groupname,$name_blacklist)) return false;
		
        if(preg_match('/^[\w\.\-]{0,32}$/', $groupname) == false) return false;
		
        if(intval($this->getgid($groupname)) < $this->min_gid) return false;
        
        if($restrict_names == true && preg_match('/^client\d+$/', $groupname) == false) return false;

			@@ -427,7 +427,11 @@
			public function is_allowed_user($username, $restrict_names = false) {
			global $app;

			if($username == 'root') return false;
			$name_blacklist = array('root','ispconfig','vmail','getmail');
			if(in_array($username,$name_blacklist)) return false;

			if(preg_match('/^[\w\.\-]{0,32}$/', $username) == false) return false;

			if($restrict_names == true && preg_match('/^web\d+$/', $username) == false) return false;

			return true;
			@@ -436,7 +440,11 @@
			public function is_allowed_group($groupname, $restrict_names = false) {
			global $app;

			if($groupname == 'root') return false;
			$name_blacklist = array('root','ispconfig','vmail','getmail');
			if(in_array($groupname,$name_blacklist)) return false;

			if(preg_match('/^[\w\.\-]{0,32}$/', $groupname) == false) return false;

			if($restrict_names == true && preg_match('/^client\d+$/', $groupname) == false) return false;

			return true;

			@@ -187,7 +187,10 @@
			'datatype' => 'VARCHAR',
			'formtype' => 'TEXT',
			'validators' => array ( 0 => array ( 'type' => 'NOTEMPTY',
			'errmsg'=> 'directory_error_empty'),
			'errmsg'=> 'directory_error_empty'),
			1 => array ( 'type' => 'REGEX',
			'regex' => '/^\/[a-zA-Z0-9\ \.\-\_\/]{10,128}$/',
			'errmsg'=> 'directory_error_regex'),
			),
			'default' => '',
			'value' => '',

			@@ -197,6 +197,12 @@
			'shell' => array (
			'datatype' => 'VARCHAR',
			'formtype' => 'TEXT',
			'validators' => array ( 0 => array ( 'type' => 'NOTEMPTY',
			'errmsg'=> 'shell_error_empty'),
			1 => array ( 'type' => 'REGEX',
			'regex' => '/^\/[a-zA-Z0-9\/]{5,20}$/',
			'errmsg'=> 'shell_error_regex'),
			),
			'default' => '/bin/bash',
			'value' => '',
			'width' => '30',
			@@ -205,8 +211,11 @@
			'dir' => array (
			'datatype' => 'VARCHAR',
			'formtype' => 'TEXT',
			'validators' => array ( 0 => array ( 'type' => 'NOTEMPTY',
			'errmsg'=> 'directory_error_empty'),
			'validators' => array ( 0 => array ( 'type' => 'NOTEMPTY',
			'errmsg'=> 'directory_error_empty'),
			1 => array ( 'type' => 'REGEX',
			'regex' => '/^\/[a-zA-Z0-9\ \.\-\_\/]{10,128}$/',
			'errmsg'=> 'directory_error_regex'),
			),
			'default' => '',
			'value' => '',

			@@ -138,6 +138,11 @@
			$dir = $app->db->quote($web["document_root"]);
			$uid = $app->db->quote($web["system_user"]);
			$gid = $app->db->quote($web["system_group"]);

			// Check system user and group
			if($app->functions->is_allowed_user($uid) == false \|\| $app->functions->is_allowed_group($gid) == false) {
			$app->error('Invalid system user or group');
			}

			// The FTP user shall be owned by the same group then the website
			$sys_groupid = $app->functions->intval($web['sys_groupid']);
			@@ -148,7 +153,15 @@

			function onBeforeUpdate() {
			global $app, $conf, $interfaceConf;


			// Check system user and group
			if(isset($this->dataRecord['uid'])) {
			if($app->functions->is_allowed_user(strtolower($this->dataRecord['uid']),true) == false \|\| $app->functions->is_allowed_group(strtolower($this->dataRecord['gid']),true) == false) {
			$app->tform->errorMessage .= $app->tform->lng('invalid_system_user_or_group_txt');
			}
			}

			/*
			* If the names should be restricted -> do it!
			*/

			@@ -32,4 +32,6 @@
			$wb['repeat_password_txt'] = 'Repeat Password';
			$wb['password_mismatch_txt'] = 'The passwords do not match.';
			$wb['password_match_txt'] = 'The passwords do match.';
			$wb['invalid_system_user_or_group_txt'] = 'Invalid system user or group';
			$wb['directory_error_regex'] = 'Invalid directory';
			?>

			@@ -28,4 +28,7 @@
			$wb['password_match_txt'] = 'The passwords do match.';
			$wb['username_must_not_exceed_32_chars_txt'] = 'The username must not exceed 32 characters.';
			$wb['username_not_allowed_txt'] = 'The username is not allowed.';
			$wb['invalid_system_user_or_group_txt'] = 'Invalid system user or group';
			$wb['directory_error_regex'] = 'Invalid directory';
			$wb['shell_error_regex'] = 'Invalid shell';
			?>

			@@ -135,6 +135,8 @@
			}
			}
			unset($blacklist);

			if($app->functions->is_allowed_user(trim(strtolower($this->dataRecord['username']))) == false) $app->tform->errorMessage .= $app->tform->lng('username_not_allowed_txt');

			/*
			* If the names should be restricted -> do it!
			@@ -163,6 +165,11 @@
			$dir = $app->db->quote($web["document_root"]);
			$uid = $app->db->quote($web["system_user"]);
			$gid = $app->db->quote($web["system_group"]);

			// Check system user and group
			if($app->functions->is_allowed_user($uid) == false \|\| $app->functions->is_allowed_group($gid) == false) {
			$app->error($app->tform->lng('invalid_system_user_or_group_txt'));
			}

			// The FTP user shall be owned by the same group then the website
			$sys_groupid = $app->functions->intval($web['sys_groupid']);
			@@ -183,6 +190,13 @@
			}
			}
			unset($blacklist);

			// Check system user and group
			if(isset($this->dataRecord['puser'])) {
			if($app->functions->is_allowed_user(strtolower($this->dataRecord['puser']),true) == false \|\| $app->functions->is_allowed_group(strtolower($this->dataRecord['pgroup']),true) == false) {
			$app->tform->errorMessage .= $app->tform->lng('invalid_system_user_or_group_txt');
			}
			}

			/*
			* If the names should be restricted -> do it!

			@@ -1821,7 +1821,11 @@
			public function is_allowed_user($username, $check_id = true, $restrict_names = false) {
			global $app;

			if($username == 'root') return false;
			$name_blacklist = array('root','ispconfig','vmail','getmail');
			if(in_array($username,$name_blacklist)) return false;

			if(preg_match('/^[\w\.\-]{0,32}$/', $username) == false) return false;

			if($check_id && intval($this->getuid($username)) < $this->min_uid) return false;

			if($restrict_names == true && preg_match('/^web\d+$/', $username) == false) return false;
			@@ -1832,7 +1836,11 @@
			public function is_allowed_group($groupname, $restrict_names = false) {
			global $app;

			if($groupname == 'root') return false;
			$name_blacklist = array('root','ispconfig','vmail','getmail');
			if(in_array($groupname,$name_blacklist)) return false;

			if(preg_match('/^[\w\.\-]{0,32}$/', $groupname) == false) return false;

			if(intval($this->getgid($groupname)) < $this->min_gid) return false;

			if($restrict_names == true && preg_match('/^client\d+$/', $groupname) == false) return false;