mirror of https://github.com/fhem/fhem-mirror.git synced 2025-03-10 03:06:37 +00:00

fhem.pl: better check for allowedCommands (Forum #38276)

git-svn-id: https://svn.fhem.de/fhem/trunk@10067 2b470e98-0d58-463d-a4d8-8e2adae1ed80
rudolfkoenig 2015-12-01 15:57:00 +00:00
parent b40854f2d8
commit 02beb6751c
2 changed files with 25 additions and 18 deletions


@ -21,7 +21,7 @@ telnet_Initialize($)
$hash->{UndefFn} = "telnet_Undef"; $hash->{UndefFn} = "telnet_Undef";
$hash->{AttrFn} = "telnet_Attr"; $hash->{AttrFn} = "telnet_Attr";
$hash->{NotifyFn}= "telnet_SecurityCheck"; $hash->{NotifyFn}= "telnet_SecurityCheck";
$hash->{AttrList} = "globalpassword password prompt ". $hash->{AttrList} = "globalpassword password prompt allowedCommands ".
"allowfrom SSL connectTimeout connectInterval ". "allowfrom SSL connectTimeout connectInterval ".
"encoding:utf8,latin1 sslVersion"; "encoding:utf8,latin1 sslVersion";
$hash->{ActivateInformFn} = "telnet_ActivateInform"; $hash->{ActivateInformFn} = "telnet_ActivateInform";
@ -269,7 +269,8 @@ telnet_Read($)
undef($hash->{prevlines}); undef($hash->{prevlines});
} }
$cmd = latin1ToUtf8($cmd) if( $hash->{encoding} eq "latin1" ); $cmd = latin1ToUtf8($cmd) if( $hash->{encoding} eq "latin1" );
$ret = AnalyzeCommandChain($hash, $cmd); $ret = AnalyzeCommandChain($hash, $cmd,
AttrVal($sname,"allowedCommands",undef));
push @ret, $ret if(defined($ret)); push @ret, $ret if(defined($ret));
} }
} else { } else {
@ -420,6 +421,8 @@ telnet_ActivateInform($;$)
<a name="telnetattr"></a> <a name="telnetattr"></a>
<b>Attributes:</b> <b>Attributes:</b>
<ul> <ul>
<a href="#allowedCommands">allowedCommands</a><br>
<a name="password"></a> <a name="password"></a>
<li>password<br> <li>password<br>
Specify a password, which has to be entered as the very first string Specify a password, which has to be entered as the very first string
@ -570,6 +573,8 @@ telnet_ActivateInform($;$)
<a name="telnetattr"></a> <a name="telnetattr"></a>
<b>Attribute</b> <b>Attribute</b>
<ul> <ul>
<a href="#allowedCommands">allowedCommands</a><br>
<a name="password"></a> <a name="password"></a>
<li>password<br> <li>password<br>
Bezeichnet ein Passwort, welches als allererster String eingegeben Bezeichnet ein Passwort, welches als allererster String eingegeben


@ -101,7 +101,7 @@ sub concatc($$$);
sub configDBUsed(); sub configDBUsed();
sub createNtfyHash(); sub createNtfyHash();
sub createUniqueId(); sub createUniqueId();
sub devspec2array($); sub devspec2array($;$);
sub doGlobalDef($); sub doGlobalDef($);
sub escapeLogLine($); sub escapeLogLine($);
sub evalStateFormat($); sub evalStateFormat($);
@ -940,6 +940,8 @@ AnalyzePerlCommand($$;$)
{ {
my ($cl, $cmd, $calledFromChain) = @_; my ($cl, $cmd, $calledFromChain) = @_;
return "Forbidden command $cmd."
if($cl && $cl->{".allowed"} && $cl->{".allowed"} !~ m/\bperl\b/);
$cmd =~ s/\\ *\n/ /g; # Multi-line. Probably not needed anymore $cmd =~ s/\\ *\n/ /g; # Multi-line. Probably not needed anymore
# Make life easier for oneliners: # Make life easier for oneliners:
@ -986,6 +988,7 @@ AnalyzeCommand($$;$)
{ {
my ($cl, $cmd, $allowed) = @_; my ($cl, $cmd, $allowed) = @_;
$cl->{".allowed"} = $allowed if($cl); Forum #38276
$cmd = "" if(!defined($cmd)); # Forum #29963 $cmd = "" if(!defined($cmd)); # Forum #29963
$cmd =~ s/^(\n|[ \t])*//;# Strip space or \n at the begginning $cmd =~ s/^(\n|[ \t])*//;# Strip space or \n at the begginning
$cmd =~ s/[ \t]*$//; $cmd =~ s/[ \t]*$//;
@ -994,7 +997,6 @@ AnalyzeCommand($$;$)
return undef if(!$cmd); return undef if(!$cmd);
if($cmd =~ m/^{.*}$/s) { # Perl code if($cmd =~ m/^{.*}$/s) { # Perl code
return "Forbidden command $cmd." if($allowed && $allowed !~ m/\bperl\b/);
return AnalyzePerlCommand($cl, $cmd, 1); return AnalyzePerlCommand($cl, $cmd, 1);
} }
@ -1061,9 +1063,9 @@ AnalyzeCommand($$;$)
} }
sub sub
devspec2array($) devspec2array($;$)
{ {
my ($name) = @_; my ($name, $cl) = @_;
return "" if(!defined($name)); return "" if(!defined($name));
if(defined($defs{$name})) { if(defined($defs{$name})) {
@ -1096,7 +1098,7 @@ devspec2array($)
if($op eq "eval") { if($op eq "eval") {
my $exec = EvalSpecials($n, %{{"%DEVICE"=>$d}}); my $exec = EvalSpecials($n, %{{"%DEVICE"=>$d}});
push @res, $d if(AnalyzePerlCommand(undef, $exec)); push @res, $d if(AnalyzePerlCommand($cl, $exec));
next; next;
} }
@ -1570,7 +1572,7 @@ CommandSet($$)
return "Usage: set <name> <type-dependent-options>\n$namedef" if(int(@a)<1); return "Usage: set <name> <type-dependent-options>\n$namedef" if(int(@a)<1);
my @rets; my @rets;
foreach my $sdev (devspec2array($a[0])) { foreach my $sdev (devspec2array($a[0], $cl)) {
$a[0] = $sdev; $a[0] = $sdev;
$defs{$sdev}->{CL} = $cl; $defs{$sdev}->{CL} = $cl;
@ -1594,7 +1596,7 @@ CommandGet($$)
my @rets; my @rets;
foreach my $sdev (devspec2array($a[0])) { foreach my $sdev (devspec2array($a[0], $cl)) {
if(!defined($defs{$sdev})) { if(!defined($defs{$sdev})) {
push @rets, "Please define $sdev first"; push @rets, "Please define $sdev first";
next; next;
@ -1845,7 +1847,7 @@ CommandDelete($$)
return "Usage: delete <name>$namedef\n" if(!$def); return "Usage: delete <name>$namedef\n" if(!$def);
my @rets; my @rets;
foreach my $sdev (devspec2array($def)) { foreach my $sdev (devspec2array($def, $cl)) {
if(!defined($defs{$sdev})) { if(!defined($defs{$sdev})) {
push @rets, "Please define $sdev first"; push @rets, "Please define $sdev first";
next; next;
@ -1894,7 +1896,7 @@ CommandDeleteAttr($$)
return "Usage: deleteattr <name> [<attrname>]\n$namedef" if(@a < 1); return "Usage: deleteattr <name> [<attrname>]\n$namedef" if(@a < 1);
my @rets; my @rets;
foreach my $sdev (devspec2array($a[0])) { foreach my $sdev (devspec2array($a[0], $cl)) {
if(!defined($defs{$sdev})) { if(!defined($defs{$sdev})) {
push @rets, "Please define $sdev first"; push @rets, "Please define $sdev first";
@ -1940,7 +1942,7 @@ CommandDisplayAttr($$)
return "Usage: displayattr <name> [<attrname>]\n$namedef" if(@a < 1); return "Usage: displayattr <name> [<attrname>]\n$namedef" if(@a < 1);
my @rets; my @rets;
my @devspec = devspec2array($a[0]); my @devspec = devspec2array($a[0],$cl);
foreach my $sdev (@devspec) { foreach my $sdev (@devspec) {
@ -1980,7 +1982,7 @@ CommandDeleteReading($$)
%ntfyHash = (); %ntfyHash = ();
my @rets; my @rets;
foreach my $sdev (devspec2array($a[0])) { foreach my $sdev (devspec2array($a[0],$cl)) {
if(!defined($defs{$sdev})) { if(!defined($defs{$sdev})) {
push @rets, "Please define $sdev first"; push @rets, "Please define $sdev first";
@ -2011,7 +2013,7 @@ CommandSetReading($$)
my $err; my $err;
my @rets; my @rets;
foreach my $sdev (devspec2array($a[0])) { foreach my $sdev (devspec2array($a[0],$cl)) {
if(!defined($defs{$sdev})) { if(!defined($defs{$sdev})) {
push @rets, "Please define $sdev first"; push @rets, "Please define $sdev first";
@ -2095,7 +2097,7 @@ CommandList($$)
} else { # devspecArray } else { # devspecArray
my @arg = split(" ", $param); my @arg = split(" ", $param);
my @list = devspec2array($arg[0]); my @list = devspec2array($arg[0],$cl);
if($arg[1]) { if($arg[1]) {
foreach my $sdev (@list) { # Show a Hash-Entry or Reading for each device foreach my $sdev (@list) { # Show a Hash-Entry or Reading for each device
@ -2381,7 +2383,7 @@ CommandAttr($$)
if(@a && @a < 2); if(@a && @a < 2);
my @rets; my @rets;
foreach my $sdev (devspec2array($a[0])) { foreach my $sdev (devspec2array($a[0],$cl)) {
my $hash = $defs{$sdev}; my $hash = $defs{$sdev};
my $attrName = $a[1]; my $attrName = $a[1];
@ -2525,7 +2527,7 @@ CommandSetstate($$)
return "Usage: setstate <name> <state>\n$namedef" if(@a != 2); return "Usage: setstate <name> <state>\n$namedef" if(@a != 2);
my @rets; my @rets;
foreach my $sdev (devspec2array($a[0])) { foreach my $sdev (devspec2array($a[0],$cl)) {
if(!defined($defs{$sdev})) { if(!defined($defs{$sdev})) {
push @rets, "Please define $sdev first"; push @rets, "Please define $sdev first";
next; next;
@ -2585,7 +2587,7 @@ CommandTrigger($$)
$state = "" if(!defined($state)); $state = "" if(!defined($state));
my @rets; my @rets;
foreach my $sdev (devspec2array($dev)) { foreach my $sdev (devspec2array($dev,$cl)) {
if(!defined($defs{$sdev})) { if(!defined($defs{$sdev})) {
push @rets, "Please define $sdev first"; push @rets, "Please define $sdev first";
next; next;
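Review bot: The perl restriction added at the top of AnalyzePerlCommand fails open, because it is skipped whenever `$cl` is undef or `$cl->{".allowed"}` is empty, and the AnalyzeCommand hunk rewrites `.allowed` on every call, so a call that omits the third argument resets it to undef. Whether any path re-enters AnalyzeCommand for a restricted client without forwarding `$allowed` cannot be seen from these hunks and should be checked; likewise any devspec2array caller not converted in this commit still runs `eval` filters with no client attached. A fail-closed variant would only ever set the restriction, `$cl->{".allowed"} = $allowed if($cl && defined($allowed));`, at the cost of the value staying on the client hash once set. A comment on devspec2array such as `# $cl is optional; without it eval filters are not checked against allowedCommands` would make the remaining gap visible to module authors. All of these function bodies continue outside the hunks shown.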