updated format validator for firewall

serghey-rodin · serghey-rodin · commit 1f8a3af56dfe · 2014-09-17T00:37:11.000+03:00
diff --git a/func/main.sh b/func/main.sh
@@ -91,7 +91,7 @@ check_args() {
 # Subsystem checker
 is_system_enabled() {
     if [ -z "$1" ] || [ "$1" = no ]; then
-        echo "Error: $2 is disabled in the vesta.conf"
+        echo "Error: $2 is not enabled in the $VESTA/conf/vesta.conf"
         log_event "$E_DISABLED" "$EVENT"
         exit $E_DISABLED
     fi
@@ -564,13 +564,25 @@ validate_format_interface() {
 
 # IP address
 validate_format_ip() {
+    t_ip=$(echo $1 |awk -F / '{print $1}')
+    t_cidr=$(echo $1 |awk -F / '{print $2}')
     valid_octets=0
-    for octet in ${1//./ }; do
+    valid_cidr=1
+    for octet in ${t_ip//./ }; do
         if [[ $octet =~ ^[0-9]{1,3}$ ]] && [[ $octet -le 255 ]]; then
             ((++valid_octets))
         fi
     done
-    if [ "$valid_octets" -lt 4 ]; then
+
+    if [ ! -z "$(echo $1|grep '/')" ]; then
+        if [[ "$t_cidr" -lt 0 ]] || [[ "$t_cidr" -gt 32 ]]; then
+            valid_cidr=0
+        fi
+        if ! [[ "$t_cidr" =~ ^[0-9]+$ ]]; then
+            valid_cidr=0
+        fi
+    fi
+    if [ "$valid_octets" -lt 4 ] || [ "$valid_cidr" -eq 0 ]; then
         echo "Error: ip $1 is not valid"
         log_event "$E_INVALID" "$EVENT"
         exit $E_INVALID
@@ -625,12 +637,14 @@ validate_format_username() {
     if [ "${#1}" -eq 1 ]; then
         if ! [[ "$1" =~ [a-z] ]]; then
             echo "Error: $2 $1 is not valid"
+            log_event "$E_INVALID" "$EVENT"
             exit 1
         fi
     else
         if ! [[ "$1" =~ ^[a-zA-Z0-9][-|\.|_|a-zA-Z0-9]{0,28}[a-zA-Z0-9]$ ]]
         then
             echo "Error: $2 $1 is not valid"
+            log_event "$E_INVALID" "$EVENT"
             exit 1
         fi
     fi
@@ -792,6 +806,42 @@ validate_format_autoreply() {
     fi
 }
 
+# Firewall action
+validate_format_fw_action() {
+    if [ "$1" != "ACCEPT" ] && [ "$1" != 'DROP' ] ; then
+        echo "Error: $1 is not valid action"
+        log_event "$E_INVALID" "$EVENT"
+        exit $E_INVALID
+    fi
+}
+
+# Firewall protocol
+validate_format_fw_protocol() {
+    if [ "$1" != "ICMP" ] && [ "$1" != 'UDP' ] && [ "$1" != 'TCP' ] ; then
+        echo "Error: $1 is not valid protocol"
+        log_event "$E_INVALID" "$EVENT"
+        exit $E_INVALID
+    fi
+}
+
+# Firewall port
+validate_format_fw_port() {
+    if [ "${#1}" -eq 1 ]; then
+        if ! [[ "$1" =~ [0-9] ]]; then
+            echo "Error: port $1 is not valid"
+            log_event "$E_INVALID" "$EVENT"
+            exit 1
+        fi
+    else
+        if ! [[ "$1" =~ ^[0-9][-|,|:|0-9]{0,30}[0-9]$ ]]
+        then
+            echo "Error: port $1 is not valid"
+            log_event "$E_INVALID" "$EVENT"
+            exit 1
+        fi
+    fi
+}
+
 # Format validation controller
 validate_format(){
     for arg_name in $*; do
@@ -804,12 +854,14 @@ validate_format(){
 
         case $arg_name in
             account)        validate_format_username "$arg" "$arg_name" ;;
+            action)         validate_format_fw_action "$arg";;
             antispam)       validate_format_boolean "$arg" 'antispam' ;;
             antivirus)      validate_format_boolean "$arg" 'antivirus' ;;
             autoreply)      validate_format_autoreply "$arg" ;;
             backup)         validate_format_domain "$arg" 'backup' ;;
             charset)        validate_format_name "$arg" "$arg_name" ;;
             charsets)       validate_format_common "$arg" 'charsets' ;;
+            comment)        validate_format_name "$arg" 'comment' ;;
             database)       validate_format_database "$arg" 'database';;
             day)            validate_format_mhdmw "$arg" $arg_name ;;
             dbpass)         validate_format_password "$arg" ;;
@@ -850,10 +902,13 @@ validate_format(){
             package)        validate_format_name "$arg" "$arg_name" ;;
             password)       validate_format_password "$arg" ;;
             port)           validate_format_int "$arg" 'port' ;;
+            port_ext)       validate_format_fw_port "$arg";;
+            protocol)       validate_format_fw_protocol "$arg" ;;
             quota)          validate_format_int "$arg" 'quota' ;;
             restart)        validate_format_boolean "$arg" 'restart' ;;
             record)         validate_format_common "$arg" 'record';;
             rtype)          validate_format_dns_type "$arg" ;;
+            rule)           validate_format_int "$arg" "rule id" ;;
             shell)          validate_format_shell "$arg" ;;
             soa)            validate_format_domain "$arg" 'soa_record';;
             stats_pass)     validate_format_password "$arg" ;;
