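/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * ident "%Z%%M% %I% %E% SMI"
 *
 * Copyright 2007 Sun Microsystems, Inc. All rights reserved.
 * Use is subject to license terms.
 *
 * Valid
 * Check user input. We are mostly concerned with characters
 * we know will cause problems for the sub-system.
 * multi-byte characters will be screened out by the gui.
 */

package com.sun.admin.pm.server;

import java.io.*;
import java.util.*;

/**
 * Static validators for user-supplied print manager values.
 *
 * Each validator returns {@code true} only when the value passes its length
 * limit, its leading-character rules and its rejected-character set. The
 * sets are deny-lists: any character that is not listed is accepted.
 *
 * NOTE(review): none of the sets below contains newline, carriage return or
 * other control characters. Confirm that every consumer of a validated value
 * is safe with them, or add them to the sets.
 */
public class Valid {

    // NOTE(review): the tables and limits below are non-final and
    // package-visible, so any class in this package can change what counts
    // as valid. Confirm nothing reassigns them, then make them final.

    // Whitespace rejected by most validators.
    static String spaces = "\t ";
    /* JSTYLED */
    // Shell metacharacters rejected by most validators.
    static String badmetas = "\"\\$^&*(){}`'|;:?<>";
    /* JSTYLED */
    // Same set as badmetas except that ':' is allowed.
    static String baddestmetas = "\"\\$^&*(){}`'|;?<>";

    // lpadmin used to only take 14.
    static int validlocalprinternamelength = 1024;
    // MAXHOSTNAMELEN + MAXPATHLEN seems reasonable.
    static int validremoteprinternamelength = 1280;

    static int validdestinationlength = 1023;   // BUFSIZ-1 seems generous
    static int validcommentlength = 256;        // From admintool
    static int validservernamelength = 256;     // MAXHOSTNAMELEN = 256
    static int validusernamelength = 128;       // LOGNAME_MAX = 8 but since
                                                // it's not enforced ...
    static int validmakelength = 256;           // MAXNAMELEN = 256

    // Root of the terminfo database consulted by printerType().
    private static final String TERMINFO_DIR = "/usr/share/lib/terminfo/";

    //
    // main for testing
    //
    public static void main(String[] args) {
        String[] users_arr = { "one", "two", "th`ee" };
        try {
            System.out.println(localPrinterName("foo/bar"));
            System.out.println(comment("abad:comment"));
            System.out.println(device("/dev/term/a"));
            System.out.println(printerType(" "));
            System.out.println(serverName(",bad"));
            System.out.println(users(users_arr));
        } catch (Exception e) {
            System.out.println(e);
            System.exit(1);
        }
        System.exit(0);
    }

    /**
     * Validates a printer comment.
     *
     * @param cstr the comment text; may be null
     * @return false for null, empty or over-long text, for a leading ','
     *         or '-', and for text containing a character from
     *         {@code badmetas} or '='; true otherwise
     */
    public static boolean comment(String cstr)
    {
        Debug.message("SVR: Valid.comment()");
        Debug.message("SVR: comment=" + cstr);

        if (cstr == null)
            return (false);
        // An empty comment used to fail with StringIndexOutOfBoundsException
        // on substring(0, 1). Reject it explicitly, as the other validators
        // do for empty input.
        if (cstr.length() == 0)
            return (false);
        if (cstr.length() > validcommentlength)
            return (false);

        // Causes problems in lpadmin
        if (cstr.startsWith(",") || cstr.startsWith("-"))
            return (false);

        return (validString(cstr, badmetas + "="));
    }

    /**
     * Validates a local printer name.
     *
     * @param pn the printer name; may be null
     * @return true when the name passes the shared printer-name rules with
     *         the local length limit
     */
    public static boolean localPrinterName(String pn)
    {
        Debug.message("SVR: Valid.localPrinterName()");
        Debug.message("SVR: printerName=" + pn);

        return (validPrinterName(pn, validlocalprinternamelength));
    }

    /**
     * Validates a remote printer name.
     *
     * @param pn the printer name; may be null
     * @return true when the name passes the shared printer-name rules with
     *         the remote length limit
     */
    public static boolean remotePrinterName(String pn)
    {
        Debug.message("SVR: Valid.remotePrinterName()");
        Debug.message("SVR: printerName=" + pn);

        return (validPrinterName(pn, validremoteprinternamelength));
    }

    // Rules shared by local and remote printer names; only the length
    // limit differs between the two.
    private static boolean validPrinterName(String pn, int maxlength)
    {
        if (pn == null || pn.length() == 0 || pn.length() > maxlength)
            return (false);

        char first = pn.charAt(0);
        if (first == '.' || first == '!' || first == '=')
            return (false);

        // Keywords for the sub-system
        if (pn.equals("_default") || pn.equals("_all"))
            return (false);

        return (validString(pn, badmetas + spaces + "/#:,"));
    }

    /**
     * Validates a device: does it exist and is it writable.
     *
     * A value holding "://" after a scheme is treated as a URI and accepted
     * without a filesystem check. The previous test, {@code indexOf("://")
     * != 0}, accepted every value that did not begin with "://", so
     * ordinary device paths were never checked.
     *
     * @param dev the device path or URI; may be null
     * @return true for a URI or for an existing, writable path
     * @throws Exception never thrown by this implementation; the clause is
     *         kept so existing callers still compile
     */
    public static boolean device(String dev)
        throws Exception
    {
        Debug.message("SVR: Valid.device()");
        Debug.message("SVR: device=" + dev);

        if (dev == null)
            return (false);
        if (dev.length() == 0)
            return (false);
        if (dev.indexOf("://") > 0)     // don't test if it's a URI
            return (true);

        // Checked in-process with java.io.File rather than by building a
        // "/usr/bin/test -w <dev>" command line, so the user-supplied path
        // never becomes part of a command string. canWrite() is false for
        // a path that does not exist.
        return (new File(dev).canWrite());
    }

    /**
     * Validates a printer make: does a directory of that name exist, and is
     * it readable.
     *
     * @param dir the directory name; may be null
     * @return true when dir is within the length limit and names a readable
     *         directory
     * @throws Exception never thrown by this implementation; the clause is
     *         kept so existing callers still compile
     */
    public static boolean make(String dir)
        throws Exception
    {
        Debug.message("SVR: Valid.make()");
        Debug.message("SVR: dir=" + dir);

        if (dir == null)
            return (false);
        if ((dir.length() == 0) || (dir.length() > validmakelength))
            return (false);

        // In-process check; the user-supplied value is not concatenated
        // into a command line.
        File makedir = new File(dir);
        return (makedir.isDirectory() && makedir.canRead());
    }

    /**
     * Validates a printer type by looking for a readable terminfo entry at
     * {@code /usr/share/lib/terminfo/<first char>/<type>}.
     *
     * @param pt the printer type; may be null
     * @return true when pt is a single path component without blanks or
     *         tabs and the matching terminfo entry is readable
     * @throws Exception never thrown by this implementation; the clause is
     *         kept so existing callers still compile
     */
    public static boolean printerType(String pt)
        throws Exception
    {
        Debug.message("SVR: Valid.printerType()");
        Debug.message("SVR: printerType=" + pt);

        if (pt == null)
            return (false);
        if (pt.length() == 0)
            return (false);

        // The type is appended to the terminfo directory, so it must be one
        // path component. A '/' anywhere, or "." / "..", would make the
        // lookup resolve outside the per-letter directory. The earlier
        // check rejected only the exact string "/".
        if (pt.indexOf('/') != -1)
            return (false);
        if (pt.equals(".") || pt.equals(".."))
            return (false);

        if (pt.indexOf(" ") != -1) {
            return (false);
        }
        if (pt.indexOf("\t") != -1) {
            return (false);
        }

        String c = pt.substring(0, 1);
        // In-process check; the user-supplied value is not concatenated
        // into a command line.
        File entry = new File(TERMINFO_DIR + c + "/" + pt);
        return (entry.canRead());
    }

    /**
     * Validates a destination.
     *
     * @param d the destination; may be null
     * @return false for null, empty or over-long input, or input containing
     *         whitespace or a character from {@code baddestmetas}
     */
    public static boolean destination(String d)
    {
        Debug.message("SVR: Valid.destination()");
        Debug.message("SVR: destination=" + d);

        if (d == null)
            return (false);
        if (d.length() == 0)
            return (false);
        if (d.length() > validdestinationlength)
            return (false);

        return (validString(d, baddestmetas + spaces));
    }

    /**
     * Validates a server name.
     *
     * @param s the server name; may be null
     * @return false for null, empty or over-long input, for a leading '!'
     *         or '=', and for input containing whitespace, '#', ',', ':'
     *         or a character from {@code badmetas}
     */
    public static boolean serverName(String s)
    {
        Debug.message("SVR: Valid.serverName()");
        Debug.message("SVR: serverName=" + s);

        if (s == null)
            return (false);
        if (s.length() == 0)
            return (false);
        if (s.length() > validservernamelength)
            return (false);

        if (s.startsWith("!") || s.startsWith("="))
            return (false);

        return (validString(s, badmetas + spaces + "#,:"));
    }

    /**
     * Validates a list of user names.
     *
     * @param u the user names; may be null
     * @return true only when the array is non-null and non-empty and every
     *         element is a valid user name
     */
    public static boolean users(String[] u)
    {
        Debug.message("SVR: Valid.users()");
        Debug.message("SVR: users = " + PrinterDebug.arr_to_str(u));

        if (u == null) {
            return (false);
        }
        if (u.length == 0) {
            return (false);
        }

        for (int i = 0; i < u.length; i++) {
            if (!validUserName(u[i])) {
                return (false);
            }
        }
        return (true);
    }

    /**
     * Validates a single user name.
     *
     * @param u the user name; may be null
     * @return false for null, empty or over-long input, or input containing
     *         whitespace or a character from {@code badmetas}
     */
    public static boolean user(String u)
    {
        // The trace previously named Valid.users(), copied from the array
        // variant.
        Debug.message("SVR: Valid.user()");
        Debug.message("SVR: user = " + u);

        return (validUserName(u));
    }

    // Rules shared by user() and each element of users().
    private static boolean validUserName(String name)
    {
        if (name == null || name.length() == 0) {
            return (false);
        }
        if (name.length() > validusernamelength) {
            return (false);
        }
        return (validString(name, badmetas + spaces));
    }

    //
    // Check to see if a string contains an invalid character.
    // Returns false when str starts with '-' or contains any character of
    // badchars. An empty str holds no rejected character and passes, so
    // every public validator rejects empty input before calling this.
    //
    private static boolean validString(String str, String badchars)
    {
        // Can't start with a hyphen. startsWith() is safe on an empty
        // string, where substring(0, 1) would throw.
        if (str.startsWith("-"))
            return (false);

        for (int i = 0; i < badchars.length(); i++) {
            if (str.indexOf(badchars.charAt(i)) != -1) {
                return (false);
            }
        }
        return (true);
    }
}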