mirror of https://github.com/fhem/fhem-mirror.git synced 2025-03-10 03:06:37 +00:00

fhem.pl: better check for allowedCommands (Forum #38276)

git-svn-id: https://svn.fhem.de/fhem/trunk@10067 2b470e98-0d58-463d-a4d8-8e2adae1ed80
rudolfkoenig 2015-12-01 15:57:00 +00:00
parent b40854f2d8
commit 02beb6751c
2 changed files with 25 additions and 18 deletions


@ -21,7 +21,7 @@ telnet_Initialize($)
$hash->{UndefFn} = "telnet_Undef";
$hash->{AttrFn} = "telnet_Attr";
$hash->{NotifyFn}= "telnet_SecurityCheck";
$hash->{AttrList} = "globalpassword password prompt ".
$hash->{AttrList} = "globalpassword password prompt allowedCommands ".
"allowfrom SSL connectTimeout connectInterval ".
"encoding:utf8,latin1 sslVersion";
$hash->{ActivateInformFn} = "telnet_ActivateInform";
@ -269,7 +269,8 @@ telnet_Read($)
undef($hash->{prevlines});
}
$cmd = latin1ToUtf8($cmd) if( $hash->{encoding} eq "latin1" );
$ret = AnalyzeCommandChain($hash, $cmd);
$ret = AnalyzeCommandChain($hash, $cmd,
AttrVal($sname,"allowedCommands",undef));
push @ret, $ret if(defined($ret));
}
} else {
@ -420,6 +421,8 @@ telnet_ActivateInform($;$)
<a name="telnetattr"></a>
<b>Attributes:</b>
<ul>
<a href="#allowedCommands">allowedCommands</a><br>
<a name="password"></a>
<li>password<br>
Specify a password, which has to be entered as the very first string
@ -570,6 +573,8 @@ telnet_ActivateInform($;$)
<a name="telnetattr"></a>
<b>Attribute</b>
<ul>
<a href="#allowedCommands">allowedCommands</a><br>
<a name="password"></a>
<li>password<br>
Bezeichnet ein Passwort, welches als allererster String eingegeben
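Review bot: The new attribute entry in both documentation hunks is a bare `<a href="#allowedCommands">` placed directly inside `<ul>`, with no `<li>` and no description of what it means for a telnet instance. Because `telnet_Read` passes `AttrVal($sname,"allowedCommands",undef)`, an unset attribute means no restriction at all, and that default deserves a sentence here, e.g. `<li><a href="#allowedCommands">allowedCommands</a><br>Restricts the commands accepted on this telnet port; if unset, every command is allowed.</li>`. The text could also say that a list containing `attr` or `deleteattr` presumably lets the connected client change this attribute itself; whether anything else prevents that is outside these hunks. The German section needs the same wording.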


@ -101,7 +101,7 @@ sub concatc($$$);
sub configDBUsed();
sub createNtfyHash();
sub createUniqueId();
sub devspec2array($);
sub devspec2array($;$);
sub doGlobalDef($);
sub escapeLogLine($);
sub evalStateFormat($);
@ -940,6 +940,8 @@ AnalyzePerlCommand($$;$)
{
my ($cl, $cmd, $calledFromChain) = @_;
return "Forbidden command $cmd."
if($cl && $cl->{".allowed"} && $cl->{".allowed"} !~ m/\bperl\b/);
$cmd =~ s/\\ *\n/ /g; # Multi-line. Probably not needed anymore
# Make life easier for oneliners:
@ -986,6 +988,7 @@ AnalyzeCommand($$;$)
{
my ($cl, $cmd, $allowed) = @_;
$cl->{".allowed"} = $allowed if($cl); Forum #38276
$cmd = "" if(!defined($cmd)); # Forum #29963
$cmd =~ s/^(\n|[ \t])*//;# Strip space or \n at the begginning
$cmd =~ s/[ \t]*$//;
@ -994,7 +997,6 @@ AnalyzeCommand($$;$)
return undef if(!$cmd);
if($cmd =~ m/^{.*}$/s) { # Perl code
return "Forbidden command $cmd." if($allowed && $allowed !~ m/\bperl\b/);
return AnalyzePerlCommand($cl, $cmd, 1);
}
@ -1061,9 +1063,9 @@ AnalyzeCommand($$;$)
}
sub
devspec2array($)
devspec2array($;$)
{
my ($name) = @_;
my ($name, $cl) = @_;
return "" if(!defined($name));
if(defined($defs{$name})) {
@ -1096,7 +1098,7 @@ devspec2array($)
if($op eq "eval") {
my $exec = EvalSpecials($n, %{{"%DEVICE"=>$d}});
push @res, $d if(AnalyzePerlCommand(undef, $exec));
push @res, $d if(AnalyzePerlCommand($cl, $exec));
next;
}
@ -1570,7 +1572,7 @@ CommandSet($$)
return "Usage: set <name> <type-dependent-options>\n$namedef" if(int(@a)<1);
my @rets;
foreach my $sdev (devspec2array($a[0])) {
foreach my $sdev (devspec2array($a[0], $cl)) {
$a[0] = $sdev;
$defs{$sdev}->{CL} = $cl;
@ -1594,7 +1596,7 @@ CommandGet($$)
my @rets;
foreach my $sdev (devspec2array($a[0])) {
foreach my $sdev (devspec2array($a[0], $cl)) {
if(!defined($defs{$sdev})) {
push @rets, "Please define $sdev first";
next;
@ -1845,7 +1847,7 @@ CommandDelete($$)
return "Usage: delete <name>$namedef\n" if(!$def);
my @rets;
foreach my $sdev (devspec2array($def)) {
foreach my $sdev (devspec2array($def, $cl)) {
if(!defined($defs{$sdev})) {
push @rets, "Please define $sdev first";
next;
@ -1894,7 +1896,7 @@ CommandDeleteAttr($$)
return "Usage: deleteattr <name> [<attrname>]\n$namedef" if(@a < 1);
my @rets;
foreach my $sdev (devspec2array($a[0])) {
foreach my $sdev (devspec2array($a[0], $cl)) {
if(!defined($defs{$sdev})) {
push @rets, "Please define $sdev first";
@ -1940,7 +1942,7 @@ CommandDisplayAttr($$)
return "Usage: displayattr <name> [<attrname>]\n$namedef" if(@a < 1);
my @rets;
my @devspec = devspec2array($a[0]);
my @devspec = devspec2array($a[0],$cl);
foreach my $sdev (@devspec) {
@ -1980,7 +1982,7 @@ CommandDeleteReading($$)
%ntfyHash = ();
my @rets;
foreach my $sdev (devspec2array($a[0])) {
foreach my $sdev (devspec2array($a[0],$cl)) {
if(!defined($defs{$sdev})) {
push @rets, "Please define $sdev first";
@ -2011,7 +2013,7 @@ CommandSetReading($$)
my $err;
my @rets;
foreach my $sdev (devspec2array($a[0])) {
foreach my $sdev (devspec2array($a[0],$cl)) {
if(!defined($defs{$sdev})) {
push @rets, "Please define $sdev first";
@ -2095,7 +2097,7 @@ CommandList($$)
} else { # devspecArray
my @arg = split(" ", $param);
my @list = devspec2array($arg[0]);
my @list = devspec2array($arg[0],$cl);
if($arg[1]) {
foreach my $sdev (@list) { # Show a Hash-Entry or Reading for each device
@ -2381,7 +2383,7 @@ CommandAttr($$)
if(@a && @a < 2);
my @rets;
foreach my $sdev (devspec2array($a[0])) {
foreach my $sdev (devspec2array($a[0],$cl)) {
my $hash = $defs{$sdev};
my $attrName = $a[1];
@ -2525,7 +2527,7 @@ CommandSetstate($$)
return "Usage: setstate <name> <state>\n$namedef" if(@a != 2);
my @rets;
foreach my $sdev (devspec2array($a[0])) {
foreach my $sdev (devspec2array($a[0],$cl)) {
if(!defined($defs{$sdev})) {
push @rets, "Please define $sdev first";
next;
@ -2585,7 +2587,7 @@ CommandTrigger($$)
$state = "" if(!defined($state));
my @rets;
foreach my $sdev (devspec2array($dev)) {
foreach my $sdev (devspec2array($dev,$cl)) {
if(!defined($defs{$sdev})) {
push @rets, "Please define $sdev first";
next;
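Review bot: `$cl->{".allowed"} = $allowed if($cl);` in AnalyzeCommand overwrites the client's restriction on every call, so any call that reaches AnalyzeCommand with the same `$cl` but no third argument resets `.allowed` to undef, and the new guard in AnalyzePerlCommand (`$cl && $cl->{".allowed"} && ...`) then lets Perl code through. The same guard fails open for an undefined `$cl`, which is what `devspec2array` still hands to the `eval` filter for any caller not updated to the two-argument form; whether such callers exist is outside these hunks. I would keep an existing restriction unless the front end replaces it, e.g. `$cl->{".allowed"} = $allowed if($cl && defined($allowed));`, with the front end clearing the key when the attribute is removed, and add a comment on the guard stating that undef means unrestricted. As rendered, the trailing `Forum #38276` on the assignment line has no `#` in front of it; check that it is a comment in the file.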