From 283143104d343cc87694536108451d7f5fc9f94d Mon Sep 17 00:00:00 2001 From: Darksider3 Date: Wed, 16 Oct 2019 21:52:25 +0200 Subject: [PATCH] Actually we allow currently strange things, this fixes it on the usernames --- private/Backup.py | 45 ++++++++++++++++++++++++--------------- private/lib/validator.py | 14 ++++++------ public/userapplication.py | 6 ++++++ 3 files changed, 42 insertions(+), 23 deletions(-) diff --git a/private/Backup.py b/private/Backup.py index 35f9bd6..89c6643 100644 --- a/private/Backup.py +++ b/private/Backup.py @@ -49,9 +49,11 @@ class Backup: @staticmethod def ImportFromFile(fname: str = CFG.args.file, db: str = CFG.REG_FILE, userids: tuple = tuple([])): if not os.path.isfile(fname): - return None # @TODO maybe some better output here + print(f"File {fname} don't exist") + return None if not os.path.isfile(db): - return None # @TODO maybe some better output here + print(f"The database file {db} don't exist") + return None if userids: pass # empty tuple means everything # noinspection PyBroadException 
@@ -64,34 +66,43 @@ class Backup: reader = csv.DictReader(f) # @TODO csv.Sniffer to compare? When yes, give force-accept option for row in reader: # if any of this fails move on to the next user, just print a relatively helpful message lel - if not lib.validator.checkUsernameLength(row["username"]): - print(f"The username {row['username']} is either too long(>16) or short(<3).") - continue if not lib.validator.checkUsernameCharacters(row["username"]): print(f"The username contains unsupported characters or starts with a number: " f"{row['username']}") continue + if not lib.validator.checkUsernameLength(row["username"]): + print(f"The username {row['username']} is either too long(>16) or short(<3).") + continue if not lib.validator.checkSSHKey(row["pubkey"]): print(f"Following SSH-Key isn't valid: {row['pubkey']}") continue - if lib.validator.checkUserExists(row["username"]): - print(f"The user '{row['username']}' already exists.") - continue if not lib.validator.checkEmail(row["email"]): print(f"The E-Mail address {row['email']} is not valid.") continue + if lib.validator.checkUserExists(row["username"]): + print(f"The user '{row['username']}' already exists.") + continue if row["status"] == "1": try: - sysctl.register(row["username"]) # @TODO exception lib.UserExceptions.UserExistsAlready - sysctl.lock_user_pw(row["username"]) # @TODO exception lib.UserExceptions.UnknownReturnCode - sysctl.add_to_usergroup(row["username"]) # @TODO exception lib.UnknownReturnCode - sysctl.make_ssh_usable(row["username"], row["pubkey"]) # @TODO exception + sysctl.register(row["username"]) + sysctl.lock_user_pw(row["username"]) + sysctl.add_to_usergroup(row["username"]) + sysctl.make_ssh_usable(row["username"], row["pubkey"]) print(row['username'], "====> Registered.") - except Exception as e: - print(e) + except lib.UserExceptions.UserExistsAlready as UEA: + pass # @TODO User was determined to exists already, shouldn't happen but is possible + except 
lib.UserExceptions.UnknownReturnCode as URC: + pass # @TODO Unknown Return Codes. Can happen in various function + except lib.UserExceptions.SSHDirUncreatable as SDU: + pass # @TODO SSH Directory doesn't exist AND couldn't be created. Inherently wrong design! + except lib.UserExceptions.ModifyFilesystem as MFS: + pass # @TODO Same as SSH Dir but more general, same problem: Wrong Permissions, + # Missing Dirs etc + except Exception as E: # @TODO well less broad is hard to achieve Kappa + print(E) continue elif row["status"] == "0": - print(row['username'] + "not approved, therefore not registered.") + print(row['username'] + " not approved, therefore not registered.") try: sql.safequery( "INSERT INTO `applications` (username, name, timestamp, email, pubkey, status) " @@ -100,8 +111,8 @@ class Backup: except OSError as E: pass print(f"UUFFF, something went WRONG with the file {fname}: {E}") - except Exception as e: - print(f"Exception! UNCATCHED! {type(e)}") + except Exception as didntCatch: + print(f"Exception! UNCATCHED! {type(didntCatch)}") return True diff --git a/private/lib/validator.py b/private/lib/validator.py index 82283d0..75e8881 100644 --- a/private/lib/validator.py +++ b/private/lib/validator.py @@ -3,10 +3,12 @@ import pwd def checkUsernameCharacters(username: str): - if re.match("[a-z]+[a-z0-9]", username): - return True - else: - return False + if " " not in username and "_" not in username and username.isascii() and username.islower() and \ + not username[0].isnumeric(): + if not re.search(r"\W+", username): + if not re.search("[^a-z0-9]", username): + return True + return False def checkUsernameLength(username: str): @@ -21,9 +23,9 @@ def checkUserExists(username: str): try: pwd.getpwnam(username) except KeyError: - return True # User already exists + return False # User already exists else: - return False # User doesnt exist + return True # User doesnt exist def checkSSHKey(key: str): 
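Review bot: The four new handlers for `UserExistsAlready`, `UnknownReturnCode`, `SSHDirUncreatable` and `ModifyFilesystem` end in a bare `pass`, so a failed registration is now silent, where the old `except Exception` printed the error and skipped the row. Indentation is lost in this view, but the `continue` appears to belong only to the final `except Exception`. If so, a row whose account setup failed part-way (for example `sysctl.register` succeeded but `make_ssh_usable` raised) falls through to the `INSERT INTO applications` further down and is recorded as if it had been set up. Until the TODOs are resolved, each handler should at least report and skip the row, e.g. `print(f"{row['username']}: registration failed: {URC!r}")` followed by `continue`. ImportFromFile starts above this hunk and continues past it.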
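Review bot: The rule in `checkUsernameCharacters` is spread over several overlapping tests whose combined effect is hard to audit; together they accept exactly one lowercase ASCII letter followed by lowercase letters or digits. The space, underscore, `isascii()` and `\W+` tests are all subsumed by the final `[^a-z0-9]` search, and `username[0]` is only safe on an empty string because `islower()` returns False first and short-circuits the condition. A single anchored allowlist states the same rule: `return re.fullmatch(r"[a-z][a-z0-9]*", username) is not None`. A one-line docstring naming the accepted alphabet would also help, since Backup.py now calls this check before the length check.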
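Review bot: The return values in `checkUserExists` are now right, but the trailing comments were left in place and say the opposite. `return False  # User already exists` sits in the `KeyError` branch, where `pwd.getpwnam` found no entry. This check is what keeps an import from touching an existing system account, so misleading comments invite someone to flip it back. Suggested: `return False  # no passwd entry: user does not exist` and `return True  # passwd entry found: user exists`.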
diff --git a/public/userapplication.py b/public/userapplication.py index 3ca0206..6e2e66f 100755 --- a/public/userapplication.py +++ b/public/userapplication.py @@ -77,6 +77,12 @@ def __checkSQLite(cursor, connection): def check_username(value): global VALID_USER + if " " in value or "_ " in value or not value.isascii() or not value.islower() or value[0].isnumeric(): + VALID_USER = False + return False + if re.search(r"\W+", value): + VALID_USER = False + return False if len(value) < 3: VALID_USER = False return False
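Review bot: The underscore test in the first added condition of `check_username` is `"_ " in value`, which looks for an underscore followed by a space, so a name such as `a_b` is not rejected here. `_` is a word character, so it passes the `\W+` search as well. `checkUsernameCharacters` in private/lib/validator.py rejects any underscore, so the public form and the import path now disagree on what a valid username is. Change the test to `"_" in value`, or better, apply the same single allowlist in both places. This hunk shows no `import re` for public/userapplication.py, so confirm the module already imports it; the function body continues past the hunk.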