[Web] More checks and fixes for transport maps

master
andryyy 2018-12-21 12:48:30 +01:00
parent 232d4770bc
commit 6dc2a0ee1a
3 changed files with 76 additions and 15 deletions

View File

@ -188,8 +188,11 @@ function transport($_action, $_data = null) {
} }
$destination = trim($_data['destination']); $destination = trim($_data['destination']);
$nexthop = trim($_data['nexthop']); $nexthop = trim($_data['nexthop']);
preg_match('/\[(.+)\].*/', $nexthop, $next_hop_matches);
$next_hop_clean = (isset($next_hop_matches[1])) ? $next_hop_matches[1] : $nexthop;
$username = str_replace(':', '\:', trim($_data['username'])); $username = str_replace(':', '\:', trim($_data['username']));
$password = str_replace(':', '\:', trim($_data['password'])); $password = str_replace(':', '\:', trim($_data['password']));
// ".domain" is a valid destination, "..domain" is not
if (empty($destination) || (is_valid_domain_name(preg_replace('/^' . preg_quote('.', '/') . '/', '', $destination)) === false && $destination != '*')) { if (empty($destination) || (is_valid_domain_name(preg_replace('/^' . preg_quote('.', '/') . '/', '', $destination)) === false && $destination != '*')) {
$_SESSION['return'][] = array( $_SESSION['return'][] = array(
'type' => 'danger', 'type' => 'danger',
@ -206,18 +209,39 @@ function transport($_action, $_data = null) {
); );
return false; return false;
} }
if (!empty($username)) { $transports = transport('get');
$transports = transport('get'); if (!empty($transports)) {
if (!empty($transports)) { foreach ($transports as $transport) {
foreach ($transports as $transport) { $transport_data = transport('details', $transport['id']);
if (transport('details', $transport['id'])['nexthop'] == $nexthop && transport('details', $transport['id'])['username'] != $username) { $existing_nh[] = $transport_data['nexthop'];
$_SESSION['return'][] = array( preg_match('/\[(.+)\].*/', $transport_data['nexthop'], $existing_clean_nh[]);
'type' => 'danger', if (($transport_data['nexthop'] == $nexthop || $transport_data['nexthop'] == $next_hop_clean) && $transport_data['username'] != $username) {
'log' => array(__FUNCTION__, $_action, $_data_log), $_SESSION['return'][] = array(
'msg' => 'invalid_nexthop_authenticated' 'type' => 'danger',
); 'log' => array(__FUNCTION__, $_action, $_data_log),
return false; 'msg' => 'invalid_nexthop_authenticated'
} );
return false;
}
}
}
if (in_array($next_hop_clean, $existing_nh)) {
$_SESSION['return'][] = array(
'type' => 'danger',
'log' => array(__FUNCTION__, $_action, $_data_log),
'msg' => array('next_hop_interferes', $next_hop_clean, $nexthop)
);
return false;
}
if (!isset($next_hop_matches[1])) {
foreach ($existing_clean_nh as $existing_clean_nh_each) {
if ($existing_clean_nh_each[1] == $nexthop) {
$_SESSION['return'][] = array(
'type' => 'danger',
'log' => array(__FUNCTION__, $_action, $_data_log),
'msg' => array('next_hop_interferes_any', $nexthop)
);
return false;
} }
} }
} }
@ -274,9 +298,6 @@ function transport($_action, $_data = null) {
$password = (isset($_data['password'])) ? trim($_data['password']) : $is_now['password']; $password = (isset($_data['password'])) ? trim($_data['password']) : $is_now['password'];
$active = (isset($_data['active'])) ? intval($_data['active']) : $is_now['active_int']; $active = (isset($_data['active'])) ? intval($_data['active']) : $is_now['active_int'];
} }
if (empty($username)) {
$password = '';
}
else { else {
$_SESSION['return'][] = array( $_SESSION['return'][] = array(
'type' => 'danger', 'type' => 'danger',
@ -285,6 +306,42 @@ function transport($_action, $_data = null) {
); );
continue; continue;
} }
preg_match('/\[(.+)\].*/', $nexthop, $next_hop_matches);
$next_hop_clean = (isset($next_hop_matches[1])) ? $next_hop_matches[1] : $nexthop;
$transports = transport('get');
if (!empty($transports)) {
foreach ($transports as $transport) {
$transport_data = transport('details', $transport['id']);
if ($transport['id'] == $id) {
continue;
}
$existing_nh[] = $transport_data['nexthop'];
preg_match('/\[(.+)\].*/', $transport_data['nexthop'], $existing_clean_nh[]);
}
}
if (in_array($next_hop_clean, $existing_nh)) {
$_SESSION['return'][] = array(
'type' => 'danger',
'log' => array(__FUNCTION__, $_action, $_data_log),
'msg' => array('next_hop_interferes', $next_hop_clean, $nexthop)
);
return false;
}
if (!isset($next_hop_matches[1])) {
foreach ($existing_clean_nh as $existing_clean_nh_each) {
if ($existing_clean_nh_each[1] == $nexthop) {
$_SESSION['return'][] = array(
'type' => 'danger',
'log' => array(__FUNCTION__, $_action, $_data_log),
'msg' => array('next_hop_interferes_any', $nexthop)
);
return false;
}
}
}
if (empty($username)) {
$password = '';
}
try { try {
$stmt = $pdo->prepare("UPDATE `transports` SET $stmt = $pdo->prepare("UPDATE `transports` SET
`destination` = :destination, `destination` = :destination,

View File

@ -32,6 +32,8 @@ $lang['danger']['ip_list_empty'] = "Liste erlaubter IPs darf nicht leer sein";
$lang['danger']['invalid_destination'] = "Ziel-Format ist ungültig"; $lang['danger']['invalid_destination'] = "Ziel-Format ist ungültig";
$lang['danger']['invalid_nexthop'] = "Next Hop ist ungültig"; $lang['danger']['invalid_nexthop'] = "Next Hop ist ungültig";
$lang['danger']['invalid_nexthop_authenticated'] = 'Dieser Next Hop existiert bereits mit abweichenden Authentifizierungsdaten. Die bestehenden Authentifizierungsdaten dieses "Next Hops" müssen vorab angepasst werden.'; $lang['danger']['invalid_nexthop_authenticated'] = 'Dieser Next Hop existiert bereits mit abweichenden Authentifizierungsdaten. Die bestehenden Authentifizierungsdaten dieses "Next Hops" müssen vorab angepasst werden.';
$lang['danger']['next_hop_interferes'] = "%s verhindert das Hinzufügen von Next Hop %s";
$lang['danger']['next_hop_interferes_any'] = "Ein vorhandener Eintrag verhindert das Hinzufügen von Next Hop %s";
$lang['danger']['rspamd_ui_pw_length'] = "Rspamd UI Passwort muss mindestens 6 Zeichen lang sein"; $lang['danger']['rspamd_ui_pw_length'] = "Rspamd UI Passwort muss mindestens 6 Zeichen lang sein";
$lang['success']['rspamd_ui_pw_set'] = "Rspamd UI Passwort wurde gesetzt"; $lang['success']['rspamd_ui_pw_set'] = "Rspamd UI Passwort wurde gesetzt";
$lang['success']['queue_command_success'] = "Queue-Aufgabe erfolgreich ausgeführt"; $lang['success']['queue_command_success'] = "Queue-Aufgabe erfolgreich ausgeführt";

View File

@ -33,6 +33,8 @@ $lang['danger']['ip_list_empty'] = "List of allowed IPs cannot be empty";
$lang['danger']['invalid_destination'] = "Destination format is invalid"; $lang['danger']['invalid_destination'] = "Destination format is invalid";
$lang['danger']['invalid_nexthop'] = "Next hop format is invalid"; $lang['danger']['invalid_nexthop'] = "Next hop format is invalid";
$lang['danger']['invalid_nexthop_authenticated'] = "Next hops exists with different credentials, please update the existing credentials for this next hop first."; $lang['danger']['invalid_nexthop_authenticated'] = "Next hops exists with different credentials, please update the existing credentials for this next hop first.";
$lang['danger']['next_hop_interferes'] = "%s interferes with nexthop %s";
$lang['danger']['next_hop_interferes_any'] = "An existing next hop interferes with %s";
$lang['danger']['rspamd_ui_pw_length'] = "Rspamd UI password should be at least 6 chars long"; $lang['danger']['rspamd_ui_pw_length'] = "Rspamd UI password should be at least 6 chars long";
$lang['success']['rspamd_ui_pw_set'] = "Rspamd UI password successfully set"; $lang['success']['rspamd_ui_pw_set'] = "Rspamd UI password successfully set";
$lang['success']['queue_command_success'] = "Queue command completed successfully"; $lang['success']['queue_command_success'] = "Queue command completed successfully";