From 2609d4826795788ada8a79976807f33c437dd01f Mon Sep 17 00:00:00 2001 From: rettenbe Date: Tue, 12 Feb 2008 17:13:13 +0000 Subject: [PATCH] check outgoing msg to gosa-si envelope validity git-svn-id: https://oss.gonicus.de/repositories/gosa/trunk@8878 594d385d-05f5-0310-b6e9-bd551577e9d8 --- gosa-si/gosa-si-client | 115 ++++++++++++++++++++++++++++++++------- gosa-si/gosa-si-server | 106 +++++++++++++++++++++++++----------- gosa-si/tests/client.php | 2 +- 3 files changed, 172 insertions(+), 51 deletions(-) diff --git a/gosa-si/gosa-si-client b/gosa-si/gosa-si-client index b573f13de..9b0374de2 100755 --- a/gosa-si/gosa-si-client +++ b/gosa-si/gosa-si-client @@ -958,6 +958,7 @@ sub check_key_and_xml_validity { $msg_hash = $xml->XMLin($msg, ForceArray=>1); + ############## # check header my $header_l = $msg_hash->{'header'}; if( 1 != @{$header_l} ) { @@ -968,36 +969,102 @@ sub check_key_and_xml_validity { die 'header has length 0'; } + ############## # check source my $source_l = $msg_hash->{'source'}; if( 1 != @{$source_l} ) { - die 'no or more sources specified'; + die 'no or more than 1 sources specified'; } my $source = @{$source_l}[0]; if( 0 == length $source) { die 'source has length 0'; } - - # check target + unless( $source =~ /^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}:\d+$/ ) { + die "source '$source' is neither a complete ip-address with port nor 'GOSA'"; + } + + ############## + # check target my $target_l = $msg_hash->{'target'}; if( 1 != @{$target_l} ) { - die 'no or more targets specified '; + die 'no or more than 1 targets specified '; } my $target = @{$target_l}[0]; if( 0 == length $target) { die 'target has length 0 '; } - + unless( $target =~ /^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}:\d+$/ ){ + die "source is neither a complete ip-address with port nor 'GOSA'"; + } }; if($@) { &main::daemon_log("WARNING: do not understand the message or msg is not gosa-si envelope conform:", 5); &main::daemon_log("$@", 8); + $msg = undef; + $msg_hash = undef; } return ($msg, $msg_hash); } +sub check_outgoing_xml_validity { + my ($msg) = @_; + + my $msg_hash; + eval{ + $msg_hash = $xml->XMLin($msg, ForceArray=>1); + + ############## + # check header + my $header_l = $msg_hash->{'header'}; + if( 1 != @{$header_l} ) { + die 'no or more than one headers specified'; + } + my $header = @{$header_l}[0]; + if( 0 == length $header) { + die 'header has length 0'; + } + + ############## + # check source + my $source_l = $msg_hash->{'source'}; + if( 1 != @{$source_l} ) { + die 'no or more than 1 sources specified'; + } + my $source = @{$source_l}[0]; + if( 0 == length $source) { + die 'source has length 0'; + } + unless( $source =~ /^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}:\d+$/ || + $source =~ /^GOSA$/i ) { + die "source '$source' is neither a complete ip-address with port"; + } + + ############## + # check target + my $target_l = $msg_hash->{'target'}; + if( 1 != @{$target_l} ) { + die "no or more than one targets specified"; + } + foreach my $target (@$target_l) { + if( 0 == length $target) { + die "target has length 0"; + } + unless( $target =~ /^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}:\d+$/ ) { + die "target '$target' is not a complete ip-address with port or a valid target name"; + } + } + }; + if($@) { + daemon_log("WARNING: outgoing msg is not gosa-si envelope conform", 5); + daemon_log("$@ $msg", 8); + $msg_hash = undef; + } + return ($msg_hash); +} + + sub import_events { if (not -e $event_dir) { @@ -1077,21 +1144,31 @@ sub server_input { ######## # answer if( $answer ) { - # preprocessing - if( $answer =~ "
registered
") { - # set registered flag to true to stop sending further registered msgs - $REGISTERED = 1; - } - else { - &send_msg_to_target($answer, $server_address, $server_key); - } - # postprocessing - if( $answer =~ "
new_key
") { - # set new key to global variable - $answer =~ /(\S*?)<\/new_key>/; - my $new_key = $1; - $server_key = $new_key; + + #check gosa-si envelope validity + my $answer_hash = &check_outgoing_xml_validity($answer); + + if( $answer_hash ) { + # answer is valid + + # preprocessing + if( $answer =~ "
registered
") { + # set registered flag to true to stop sending further registered msgs + $REGISTERED = 1; + } + else { + &send_msg_to_target($answer, $server_address, $server_key); + } + + # postprocessing + if( $answer =~ "
new_key
") { + # set new key to global variable + $answer =~ /(\S*?)<\/new_key>/; + my $new_key = $1; + $server_key = $new_key; + } } + } return; diff --git a/gosa-si/gosa-si-server b/gosa-si/gosa-si-server index 127d8b65e..e3849b442 100755 --- a/gosa-si/gosa-si-server +++ b/gosa-si/gosa-si-server @@ -427,6 +427,68 @@ sub check_key_and_xml_validity { } +sub check_outgoing_xml_validity { + my ($msg) = @_; + + my $msg_hash; + eval{ + $msg_hash = $xml->XMLin($msg, ForceArray=>1); + + ############## + # check header + my $header_l = $msg_hash->{'header'}; + if( 1 != @{$header_l} ) { + die 'no or more than one headers specified'; + } + my $header = @{$header_l}[0]; + if( 0 == length $header) { + die 'header has length 0'; + } + + ############## + # check source + my $source_l = $msg_hash->{'source'}; + if( 1 != @{$source_l} ) { + die 'no or more than 1 sources specified'; + } + my $source = @{$source_l}[0]; + if( 0 == length $source) { + die 'source has length 0'; + } + unless( $source =~ /^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}:\d+$/ || + $source =~ /^GOSA$/i ) { + die "source '$source' is neither a complete ip-address with port nor 'GOSA'"; + } + + ############## + # check target + my $target_l = $msg_hash->{'target'}; + if( 0 == @{$target_l} ) { + die "no targets specified"; + } + foreach my $target (@$target_l) { + if( 0 == length $target) { + die "target has length 0"; + } + unless( $target =~ /^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}:\d+$/ || + $target =~ /^GOSA$/i || + $target =~ /^\*$/ || + $target =~ /KNOWN_SERVER/i || + $target =~ /^([0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2}:[0-9a-f]{2})$/i ){ + die "target '$target' is not a complete ip-address with port or a valid target name or a mac-address"; + } + } + }; + if($@) { + daemon_log("WARNING: outgoing msg is not gosa-si envelope conform", 5); + daemon_log("$@ $msg", 8); + $msg_hash = undef; + } + + return ($msg_hash); +} + + sub input_from_known_server { my ($input, $remote_ip) = @_ ; my ($msg, $msg_hash, $module); @@ -515,6 +577,9 @@ sub input_from_unknown_host { # check a key exists for this module my $module_key = ${$mod."_key"}; if( ! $module_key ) { + if( $mod eq 'ArpHandler' ) { + next; + } daemon_log("ERROR: no key specified in config file for $mod", 1); next; } @@ -826,17 +891,14 @@ sub client_input { # msg is from a new client or gosa ($msg, $msg_hash, $module) = &input_from_unknown_host($input); - # msg is from a gosa-si-server or gosa-si-bus if(( !$msg ) || ( !$msg_hash ) || ( !$module )){ ($msg, $msg_hash, $module) = &input_from_known_server($input, $heap->{'remote_ip'}); } - # msg is from a gosa-si-client if(( !$msg ) || ( !$msg_hash ) || ( !$module )){ ($msg, $msg_hash, $module) = &input_from_known_client($input, $heap->{'remote_ip'}); } - # an error occurred if(( !$msg ) || ( !$msg_hash ) || ( !$module )){ $error++; @@ -859,36 +921,18 @@ sub client_input { # answer if( $error == 0 ) { - # for each answer in answer list foreach my $answer ( @{$answer_l} ) { - - my $error = 0; - # check answer if gosa-si envelope conform - if(defined($answer)) { - my $answer_hash = $xml->XMLin($answer, ForceArray=>1); - $answer_header = @{$answer_hash->{'header'}}[0]; - @answer_target_l = @{$answer_hash->{'target'}}; - $answer_source = @{$answer_hash->{'source'}}[0]; - if( !$answer_header ) { - daemon_log('ERROR: module answer is not gosa-si envelope conform: no header', 1); - daemon_log("\n$answer", 8); - $error++; - } - if( 0 == length @answer_target_l ) { - daemon_log('ERROR: module answer is not gosa-si envelope conform: no targets', 1); - daemon_log("\n$answer", 8); - $error++; - } - if( !$answer_source ) { - daemon_log('ERROR: module answer is not gosa-si envelope conform: no source', 1); - daemon_log("\n$answer", 8); - $error++; - } - - if( $error != 0 ) { - next; - } + # for each answer in answer list + + # check outgoing msg to xml validity + my $answer_hash = &check_outgoing_xml_validity($answer); + if( not defined $answer_hash ) { + next; } + + $answer_header = @{$answer_hash->{'header'}}[0]; + @answer_target_l = @{$answer_hash->{'target'}}; + $answer_source = @{$answer_hash->{'source'}}[0]; # deliver msg to all targets foreach my $answer_target ( @answer_target_l ) { diff --git a/gosa-si/tests/client.php b/gosa-si/tests/client.php index 4f07e4542..c0d3332d0 100755 --- a/gosa-si/tests/client.php +++ b/gosa-si/tests/client.php @@ -48,7 +48,7 @@ if($sock->connected()){ #$data = "
gosa_halt
10.89.1.31:20083 10.89.1.31:20081
"; #$data = "
gosa_new_key_for_client
00:01:6c:9d:b9:fa 10.89.1.31:20081
"; #$data = "
gosa_new_key_for_client
00:0c:29:bd:7b:e7 10.89.1.31:20081
"; -$data = "
gosa_new_key_for_client
10.89.1.197:20083 10.89.1.31:20081
"; +$data = "
gosa_new_key_for_client
10.89.1.12:1234 10.89.1.31:20081
"; #$data = "
gosa_new_key_for_client
10.89.1.31:20083 10.89.1.31:20081
"; -- 2.30.2