tyler.durden
/
icingaweb2
mirror of https://github.com/Icinga/icingaweb2.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

SshResourceForm: Don't accept `file://...` as private key

This commit is contained in:
Johannes Meyer 2022-02-23 16:41:40 +01:00
parent 52d51f0ee5
commit 9883c36841
1 changed files with 8 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
application/forms/Config/Resource/SshResourceForm.php
View File

@ -52,9 +52,13 @@ class SshResourceForm extends Form
if ($this->getRequest()->getActionName() != 'editresource') { if ($this->getRequest()->getActionName() != 'editresource') {
$callbackValidator = new Zend_Validate_Callback(function ($value) { $callbackValidator = new Zend_Validate_Callback(function ($value) {
if (openssl_pkey_get_private($value) === false) { if (
substr(ltrim($value), 0, 7) === 'file://'
|| openssl_pkey_get_private($value) === false
) {
return false; return false;
} }
return true; return true;
}); });
$callbackValidator->setMessage( $callbackValidator->setMessage(
@ -126,20 +130,19 @@ class SshResourceForm extends Form
$configDir = Icinga::app()->getConfigDir(); $configDir = Icinga::app()->getConfigDir();
$user = $form->getElement('user')->getValue(); $user = $form->getElement('user')->getValue();
$filePath = $configDir . '/ssh/' . $user; $filePath = join(DIRECTORY_SEPARATOR, [$configDir, 'ssh', sha1($user)]);
if (! file_exists($filePath)) { if (! file_exists($filePath)) {
$file = File::create($filePath, 0600); $file = File::create($filePath, 0600);
} else { } else {
$form->error( $form->error(
sprintf($form->translate('The private key for the user "%s" is already exists.'), $user) sprintf($form->translate('The private key for the user "%s" already exists.'), $user)
); );
return false; return false;
} }
$file->fwrite($form->getElement('private_key')->getValue()); $file->fwrite($form->getElement('private_key')->getValue());
$form->getElement('private_key')->setValue($configDir . '/ssh/' . $user); $form->getElement('private_key')->setValue($filePath);
return true; return true;
} }