From f5433511002ecc024965585c897ba724e807a9fd Mon Sep 17 00:00:00 2001 From: Maniack Crudelis Date: Thu, 4 Jan 2018 19:32:35 +0100 Subject: [PATCH] Fix alias_traversal --- conf/nginx.conf | 3 ++- scripts/_common.sh | 5 +++++ scripts/_sed | 51 ++++++++++++++++++++++++++++++++++++++++++++++ scripts/change_url | 16 ++++++++++++++- scripts/install | 4 ++++ scripts/upgrade | 4 ++++ 6 files changed, 81 insertions(+), 2 deletions(-) create mode 100644 scripts/_sed diff --git a/conf/nginx.conf b/conf/nginx.conf index 0a76272..6a9eab5 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -1,4 +1,5 @@ -location __PATH__ { +#sub_path_only rewrite ^__PATH__$ __PATH__/ permanent; +location __PATH__/ { alias __FINALPATH__/; if ($scheme = http) { diff --git a/scripts/_common.sh b/scripts/_common.sh index 522fde5..746baa4 100755 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -454,6 +454,11 @@ EOF ynh_store_file_checksum "$finalfail2banfilterconf" sudo systemctl restart fail2ban + if local fail2ban_error="$(tail -n50 /var/log/fail2ban.log | grep "WARNING Command.*$app.*addfailregex")" + then + echo "[ERR] Fail2ban fail to load the jail for $app" >&2 + echo "WARNING${fail2ban_error#*WARNING}" >&2 + fi } # Remove the dedicated fail2ban config (jail and filter conf files) diff --git a/scripts/_sed b/scripts/_sed new file mode 100644 index 0000000..cc76ab9 --- /dev/null +++ b/scripts/_sed 
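Review bot: The new `location __PATH__/` line has no visible handling for a root install: if the template substitution inserts `/` verbatim, an app installed at the domain root gets `location //`, which ordinary request paths would not match. That substitution happens in `ynh_add_nginx_config`, outside this patch, so it needs confirming there; change_url uses `${new_path%/}/` for the same reason. The trailing slashes are the whole fix and deserve a comment above the block, for example `# Keep the trailing slash on both location and alias; a prefix without it lets request paths resolve outside __FINALPATH__.` The location block continues past the end of the hunk.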
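Review bot: The condition `if local fail2ban_error="$(…)"` is always true, because `local` returns success whatever the exit status of the command substitution, so the `[ERR]` message is printed on every run even when grep finds nothing. Declare first and test the plain assignment: `local fail2ban_error` followed by `if fail2ban_error="$(tail -n50 /var/log/fail2ban.log | grep "WARNING Command.*$app.*addfailregex")"`. The check also reads the log immediately after `systemctl restart`, so it can miss a failure fail2ban has not logged yet, or report a stale one from an earlier run that is still within the last 50 lines. The enclosing function starts before the hunk.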
@@ -0,0 +1,51 @@
+#!/bin/bash
+
+# https://github.com/YunoHost/yunohost/pull/394
+
+# Substitute/replace a string (or expression) by another in a file
+#
+# usage: ynh_replace_string match_string replace_string target_file
+# | arg: match_string - String to be searched and replaced in the file
+# | arg: replace_string - String that will replace matches
+# | arg: target_file - File in which the string will be replaced.
+#
+# As this helper is based on sed command, regular expressions and
+# references to sub-expressions can be used
+# (see sed manual page for more information)
+ynh_replace_string () {
+ local delimit=@
+ local match_string=$1
+ local replace_string=$2
+ local workfile=$3
+
+ # Escape the delimiter if it's in the string.
+ match_string=${match_string//${delimit}/"\\${delimit}"}
+ replace_string=${replace_string//${delimit}/"\\${delimit}"}
+
+ sudo sed --in-place "s${delimit}${match_string}${delimit}${replace_string}${delimit}g" "$workfile"
+}
+
+# Substitute/replace a password by another in a file
+#
+# usage: ynh_replace_password_string match_string replace_string target_file
+# | arg: match_string - String to be searched and replaced in the file
+# | arg: replace_string - String that will replace matches
+# | arg: target_file - File in which the string will be replaced.
+#
+# This helper will use ynh_replace_string, but as you can use special
+# characters, you can't use some regular expressions and sub-expressions.
+ynh_replace_password_string () {
+ local match_string=$1
+ local replace_string=$2
+ local workfile=$3
+
+ # Escape any backslash to preserve them as simple backslash.
+ match_string=${match_string//\\/"\\\\"}
+ replace_string=${replace_string//\\/"\\\\"}
+
+ # Escape the & character, who has a special function in sed.
+ match_string=${match_string//&/"\&"}
+ replace_string=${replace_string//&/"\&"}
+
+ ynh_replace_string "$match_string" "$replace_string" "$workfile"
+}
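Review bot: `ynh_replace_password_string` still treats `match_string` as a regular expression: only `\` and `&` are escaped, so a password containing `.`, `*`, `[`, `^` or `$` will not be matched as literal text, and `&` is not special on the match side at all. Escape the BRE metacharacters for the match side instead, for example `match_string=$(printf '%s' "$match_string" | sed 's/[][\.*^$]/\\&/g')`, and keep the `\` and `&` escaping for `replace_string` only. In `ynh_replace_string`, escaping just the delimiter means a value that already contains `\@` is re-escaped to `\\@`, which leaves the delimiter active, so the header comment should state that both arguments are sed syntax and must not be built from unvalidated input. Neither helper handles a newline in its arguments.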
diff --git a/scripts/change_url b/scripts/change_url index 2c074dd..2a00317 100644 --- a/scripts/change_url +++ b/scripts/change_url @@ -8,6 +8,7 @@ source _common.sh source /usr/share/yunohost/helpers +source _sed #================================================= # RETRIEVE ARGUMENTS @@ -64,7 +65,20 @@ nginx_conf_path=/etc/nginx/conf.d/$old_domain.d/$app.conf # Change the path in the nginx config file if [ $change_path -eq 1 ] then - ynh_replace_string "location $old_path" "location $new_path" "$nginx_conf_path" + + # Move from sub path to root + if [ "$new_path" == "/" ] + then + ynh_replace_string "^ *rewrite.*\^$old_path" "#sub_path_only&" "$nginx_conf_path" + ynh_replace_string "\(rewrite *\^\)$old_path\$ $old_path/*" "\1$new_path$ $new_path" "$nginx_conf_path" + + # Move to a sub path + else + ynh_replace_string "^#sub_path_only" "" "$nginx_conf_path" + ynh_replace_string "\(rewrite *\^\)$old_path\$ $old_path/*" "\1$new_path$ $new_path/" "$nginx_conf_path" + fi + + ynh_replace_string "location ${old_path%/}/" "location ${new_path%/}/" "$nginx_conf_path" fi # Change the domain for nginx diff --git a/scripts/install b/scripts/install index f98ca86..f208bac 100644 --- a/scripts/install +++ b/scripts/install @@ -94,6 +94,10 @@ ynh_setup_source "$final_path" admin_dashboard # NGINX CONFIGURATION #================================================= +if [ "$path_url" != "/" ] +then + ynh_replace_string "^#sub_path_only" "" "../conf/nginx.conf" +fi ynh_add_nginx_config #================================================= diff --git a/scripts/upgrade b/scripts/upgrade index d4d71bf..01dc427 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -63,6 +63,10 @@ ynh_setup_source "$final_path" admin_dashboard # NGINX CONFIGURATION #================================================= +if [ "$path_url" != "/" ] +then + ynh_replace_string "^#sub_path_only" "" "../conf/nginx.conf" +fi ynh_add_nginx_config #=================================================
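Review bot: The pattern `"^ *rewrite.*\^$old_path"` in the move-to-root branch has no end anchor, so it comments out every rewrite line whose regex begins with the old path, including rules for a longer path that only shares the prefix. Anchoring it to the redirect this patch introduces is tighter: `ynh_replace_string "^ *rewrite *\^$old_path\$ " "#sub_path_only&" "$nginx_conf_path"`. `$old_path` and `$new_path` are also interpolated unescaped into the sed expression in all five calls, so a path containing `.` or `&` changes what is matched or written; whether paths are validated upstream is not visible here. A one-line comment explaining the `#sub_path_only` marker would help the next reader.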
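Review bot: `ynh_replace_string` is called in scripts/install without `source _sed`; the patch adds that line only to change_url, and the diffstat leaves no room for another change in install, upgrade or _common.sh that would load it. If the helper is not already provided by `/usr/share/yunohost/helpers` on the target release, this block fails with command not found and sub-path installs keep the redirect commented out, so add `source _sed` next to the existing `source` lines. The same applies to the identical hunk in scripts/upgrade. The call also edits the packaged template `../conf/nginx.conf` in place, which deserves a comment confirming the file is a per-run copy, if that is the case.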