Changeset 2324


Ignore:
Timestamp:
Sep 18, 2013, 1:29:27 PM (5 years ago)
Author:
matthijs
Message:

luci-openvpn: Allow any character in client names

The client name is used both for display and as the name of key files
and a uci section, with configuration for the client. Since uci sections
cannot contain dashes, those were replaced by underscores. However, uci
section names also cannot contain spaces, and probably a lot more
special characters are forbidden too.

This commit makes sure that anything except letters, numbers and
underscores in the given name are replaced by underscores in the uci
section name. However, since those names are not so pretty for user
display, we preserve the originally entered name in the "name" field in
uci.

To make sure nothing breaks, all the code that previously used the
"name" field to build filenames or identify the uci section is changed
to use the uci section name instead.

Closes: #1321

Location:
trunk/luci/applications/luci-openvpn/luasrc
Files:
5 edited

Legend:

Unmodified
Added
Removed
  • trunk/luci/applications/luci-openvpn/luasrc/controller/openvpn.lua

    r2187 r2324  
    5555        local http = require "luci.http"
    5656        local client = http.formvalue("client")
    57         if require("luci.model.uci").cursor():get("openvpn", client, "name") ~= client then
     57        if not require("luci.model.uci").cursor():get("openvpn", client, "name") then
    5858                os.execute("logger potential injection attempt?!")
    5959                return
  • trunk/luci/applications/luci-openvpn/luasrc/controller/openvpn_rpc.lua

    r1141 r2324  
    3737        local http = require "luci.http"
    3838        local client = http.formvalue("client")
    39         if require("luci.model.uci").cursor():get("openvpn", client, "name") ~= client then
     39        if not require("luci.model.uci").cursor():get("openvpn", client, "name") then
    4040                os.execute("logger potential injection attempt?!")
    4141                return
  • trunk/luci/applications/luci-openvpn/luasrc/model/cbi/openvpn.lua

    r2187 r2324  
    116116function remove.write(self, section)
    117117        -- Check that the section exists
    118         if uci:get("openvpn", section, "name") ~= section then
     118        if not uci:get("openvpn", section, "name") then
    119119                os.execute("logger potential injection attempt")
    120120                return
  • trunk/luci/applications/luci-openvpn/luasrc/model/cbi/openvpn/new.lua

    r2182 r2324  
    1212        if state == FORM_VALID  and data.client and #data.client > 0 then
    1313                local uci = require("luci.model.uci").cursor()
    14                 data.client = data.client:gsub("-", "_")
     14                local sname = data.client:gsub("[^a-zA-Z0-9_]", "_")
    1515                uci:load("openvpn")
    16                 uci:section("openvpn", "client", data.client, {name=data.client})
     16                uci:section("openvpn", "client", sname, {name=data.client})
    1717                uci:commit("openvpn")
    18                 cmd = "/usr/sbin/pkitool \""..data.client.."\""
     18                cmd = "/usr/sbin/pkitool \""..sname.."\""
    1919
    2020                if data.passphrase and #data.passphrase > 0 then
    21                         local keyfile = "/etc/openvpn/keys/" .. data.client .. ".key"
     21                        local keyfile = "/etc/openvpn/keys/" .. sname .. ".key"
    2222                        -- Escape "$`\ with a backslash, to prevent
    2323                        -- them being interpreted by the shell below.
  • trunk/luci/applications/luci-openvpn/luasrc/view/openvpn_download.htm

    r2184 r2324  
    33-%>
    44<%+cbi/valueheader%>
    5         <% local name = self.map:get(section, "name") %>
    6         <%-if require("luci.fs").stat("/etc/openvpn/keys/"..name..".key") then %>
     5        <%-if require("luci.fs").stat("/etc/openvpn/keys/"..section..".key") then %>
    76                <input class="cbi-input-<%=self.inputstyle or "button" %>" type="submit"<%= attr("name", cbid) .. attr("id", cbid) .. attr("value", self.button_title or self.title)%> />
    87        <% else %>
Note: See TracChangeset for help on using the changeset viewer.