Commit 8606b1db authored by Xavier Guimard's avatar Xavier Guimard

LEMONLDAP::NG : new feature: configuration is now checked before saving in Lemonldap::NG::Manager

git-svn-id: svn://svn.forge.objectweb.org/svnroot/lemonldap/trunk@91 1dbb9719-a921-0410-b57f-c3a383c2c641
parent 6a2835aa
......@@ -81,7 +81,13 @@ sub logout($$) {
sub confTest($$) {
my ( $class, $args ) = @_;
if ( $args->{_n_conf} ) {
return 1 if ( $args->{_n_conf} == $cfgNum or $childLock );
return 1 if ( $args->{_n_conf} == $cfgNum );
if( $childLock ) {
$class->lmLog( "$class: child $$ detects configuration but local "
. 'storage is locked, continues to work with the old one',
'debug' );
return 1;
}
$childLock = 1;
$class->globalInit($args);
$childLock = 0;
......
Revision history for Perl extension Lemonldap::NG::Manager.
0.6 Sat Mar 17 22:13:08 2007
- New feature : restricted version of Manager. Only choosen virtual hosts
are displayed.
- New feature :
* restricted version of Manager. Only choosen virtual hosts are
displayed
* configuration is checked before saving
0.512 Tue Mar 13 7:57:30 2007
- New feature in Manager : "Delete VHost" button (Closes: #306761 /
......
......@@ -9,7 +9,10 @@ use Lemonldap::NG::Manager::Conf;
use Lemonldap::NG::Manager::_HTML;
require Lemonldap::NG::Manager::_i18n;
require Lemonldap::NG::Manager::Help;
use Lemonldap::NG::Manager::Conf::Constants;
use LWP::UserAgent;
use Safe;
use MIME::Base64;
our @ISA = qw(Lemonldap::NG::Manager::Base);
......@@ -314,6 +317,7 @@ sub print_upload {
sub upload {
my $self = shift;
my $config = $self->tree2conf(@_);
return SYNTAX_ERROR unless( $self->checkConf($config) );
return $self->config->saveConf($config);
}
......@@ -379,6 +383,106 @@ sub tree2conf {
return $config;
}
sub checkConf {
my $self = shift;
my $config = shift;
my $expr = '';
# Check cookie name
return 0 unless( $config->{cookieName} =~ /^\w+$/ );
# Check domain name
return 0 unless( $config->{domain} =~ /^[\w\.]+$/ );
# Load variables
foreach(keys %{ $config->{exportedVars} }) {
# Reserved words
if( $_ eq 'groups' ) {
print STDERR "$_ is not authorized in attribute names. Change it!\n";
return 0;
}
if( $_ !~ /^\w+$/ ) {
print STDERR "$_ is not a valid attribute name\n";
return 0;
}
$expr .= "my \$$_ = '1';";
}
# Load and check macros
my $safe = new Safe;
$safe->share( '&encode_base64' );
while( my($k, $v) = each( %{ $config->{macros} } ) ) {
# Reserved words
if( $k eq 'groups' ) {
print STDERR "$k is not authorized in macro names. Change it!\n";
return 0;
}
if( $k !~ /^\w+$/ ) {
print STDERR "$k is not a valid macro name\n";
return 0;
}
$expr .= "my \$$k = $v;";
}
# Test macro values;
$safe->reval( $expr );
if( $@ ) {
print STDERR "Error in macro syntax: $@\n";
return 0;
}
# Test groups
$expr .= 'my $groups;';
while( my($k,$v) = each( %{ $config->{groups} } ) ) {
if( $k !~ /^[\w-]+$/ ) {
print STDERR "$k is not a valid group name\n";
return 0;
}
$safe->reval( $expr . "\$groups = '$k' if($v);");
if( $@ ) {
print STDERR "Syntax error in group $k: $@\n";
return 0;
}
}
# Test rules
while( my($vh, $rules) = each( %{ $config->{locationRules} } ) ) {
unless( $vh =~ /^[-\w\.]+$/ ) {
print STDERR "$vh is not a valid virtual host name\n";
return 0;
}
while( my($reg, $v) = each( %{ $rules } ) ) {
unless( $reg eq 'default' ) {
$reg =~ s/#/\\#/g;
$safe->reval( $expr . "my \$r = qr#$reg#;" );
if( $@ ) {
print STDERR "Syntax error in regexp ($vh -> $reg)\n";
return 0;
}
}
unless( $v eq 'deny' or $v eq 'accept' ) {
$safe->reval( $expr . "my \$r=1 if($v);");
if( $@ ) {
print STDERR "Syntax error in expression ($vh -> $reg)\n";
return 0;
}
}
}
}
# Test exported headers
while( my($vh, $headers) = each( %{ $config->{exportedHeaders} } ) ) {
unless( $vh =~ /^[-\w\.]+$/ ) {
print STDERR "$vh is not a valid virtual host name\n";
return 0;
}
while( my($header, $v) = each( %{ $headers } ) ) {
unless( $header =~ /^[\w][-\w]*$/ ) {
print STDERR "$header is not a valid HTTP header name ($vh)\n";
return 0;
}
$safe->reval( $expr . "my \$r = $v;" );
if( $@ ) {
print STDERR "Syntax error in header expression ($vh -> $header)\n";
return 0;
}
}
}
1;
}
# Apply subroutines
# TODO: Credentials in applyConfFile
......
......@@ -12,12 +12,14 @@ use constant CONFIG_WAS_CHANGED => -1;
use constant UNKNOWN_ERROR => -2;
use constant DATABASE_LOCKED => -3;
use constant UPLOAD_DENIED => -4;
use constant SYNTAX_ERROR => -5;
our %EXPORT_TAGS = ( 'all' => [ qw(
CONFIG_WAS_CHANGED
UNKNOWN_ERROR
DATABASE_LOCKED
UPLOAD_DENIED
SYNTAX_ERROR
) ] );
our @EXPORT_OK = ( @{ $EXPORT_TAGS{'all'} } );
......
......@@ -81,7 +81,7 @@ sub javascript {
newRule newHeader httpHeaders waitingResult unknownError
configurationWasChanged configLoaded warningConfNotApplied
applyConf prevConf lastConf nextConf deleteVirtualHost
areYouSure)) {
areYouSure syntaxError)) {
$text{$_} = &{"txt_$_"};
$text{$_} =~s/'/\\'/g;
}
......@@ -198,9 +198,9 @@ function onNodeSelect(nodeId) {
}
if(tree.getUserData(nodeId,"modif")=='both') but+=button('$text{deleteNode}','deleteNode',nodeId);
but+=button('$text{saveConf}','saveConf',nodeId);
if(nodeId == 'root') but+=button('$text{prevConf}','prevConf',nodeId)
/*if(nodeId == 'root') but+=button('$text{prevConf}','prevConf',nodeId)
+button('$text{nextConf}','nextConf',nodeId)
+button('$text{lastConf}','lastConf',nodeId);
+button('$text{lastConf}','lastConf',nodeId);*/
#;
if( $self->{applyConfFile} ) {
print "but+=button('$text{applyConf}','applyConf',nodeId);";
......@@ -323,11 +323,14 @@ function saveConf(){
document.getElementById('help').innerHTML='<h3>$text{confSaved} : '+r+'</h3>$text{warningConfNotApplied}';
}
else if(r<0) {
var txt='<h3>$text{saveFailure}: ';
if(r==#.CONFIG_WAS_CHANGED.qq#) {
var txt='<h3>$text{saveFailure}: ';
if(r==#.CONFIG_WAS_CHANGED.qq#) {
txt+='$text{configurationWasChanged}';
}
document.getElementById('help').innerHTML=txt+'</h3>';
}
else if(r==#.SYNTAX_ERROR.qq#) {
txt+='$text{syntaxError}';
}
document.getElementById('help').innerHTML=txt+'</h3>';
}
else document.getElementById('help').innerHTML='<h3>$text{unknownError}</h3>';
}
......@@ -361,6 +364,12 @@ function applyConf(){
xhr_object.send(null);
}
function prevConf(){
}
function nextConf(){
}
function ec(s){
if((!s) || s=='') return s;
return s.replace(/>/g,'&gt;').replace(/</g,'&lt;');
......
......@@ -80,7 +80,7 @@ sub fr {
invalidLine => 'Ligne invalide',
error => 'Erreur',
result => 'R&eacute;sultat',
changesAppliedLater => "Les changements seront effectifs d'ici 10 minutes",
changesAppliedLater => "Les changements seront effectifs d'ici 10 minutes. Utilisez \"apachectl reload\" sur les serveurs concern&eacute;s pour forcer la prise en compte imm&eacute;diate",
prevConf => 'Pr&eacute;c&eacute;dente',
nextConf => 'Suivante',
lastConf => 'Derni&egrave;re',
......@@ -88,6 +88,7 @@ sub fr {
# Attention: ici, &Ecirc; ne sera pas interprt par Firefox (msgBox)
areYouSure => 'Etes vous sur ?',
syntaxError => 'Erreur de syntaxe, configuration refus&eacute;e. Consultez les journaux du serveur web.',
};
}
......@@ -139,11 +140,12 @@ sub en {
invalidLine => 'Invalid Line',
error => 'Error',
result => 'Result',
changesAppliedLater => 'Changes will be effective within 10 minutes',
changesAppliedLater => 'Changes will be effective within 10 minutes. Use "apachectl reload" on concerned servers for immediate reloading',
prevConf => 'Previous',
nextConf => 'Next',
lastConf => 'Last',
deleteVirtualHost => 'Delete virtual host',
areYouSure => 'Are you sure ?',
syntaxError => 'Syntax error, configuration refused. See web server logs for more.',
};
}
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment