Parse configuration files in a secure way.
authorMichael Tremer <michael.tremer@ipfire.org>
Thu, 6 Sep 2012 20:04:21 +0000 (20:04 +0000)
committerMichael Tremer <michael.tremer@ipfire.org>
Thu, 6 Sep 2012 20:04:21 +0000 (20:04 +0000)
Don't use the source function anymore, which is insecure.

functions.config

index 123e5f611ab0d7897372a52b3113dbd18e994efb..f10bcf147874de6367bbb3d4b0797e1c59c95106 100644 (file)
@@ -26,13 +26,57 @@ function config_read_globals() {
 }
 
 function config_read() {
-       local config_file=${1}
-       assert isset config_file
+       local file=${1}
+       assert isset file
+       shift
+
+       local valid_keys=$@
+
+       # Exit if the file cannot be read.
+       [ -r "${file}" ] || return ${EXIT_ERROR}
+
+       local line key val
+       while read -r line; do
+               case "${line}" in
+                       *=*)
+                               key=$(cli_get_key ${line})
+
+                               # If valid keys is set, key must be in the list.
+                               if [ -n "${valid_keys}" ]; then
+                                       if ! listmatch ${key} ${valid_keys}; then
+                                               log DEBUG "Ignoring configuration setting: ${key}"
+                                               continue
+                                       fi
+                               fi
+
+                               val=$(cli_get_val ${line})
+                               val=$(config_strip ${val})
+
+                               # Assign variable.
+                               printf -v ${key} "%s" "${val}"
+                               ;;
+                       *)
+                               log DEBUG "Invalid line in configuration file: ${line}"
+                               continue
+                               ;;
+               esac
+       done < ${file}
+}
+
+# Strip leading and trailing "s.
+function config_strip() {
+       local var=${1}
+
+       if [ "${var:0:1}" = "\"" ]; then
+               var=${var:1}
+       fi
 
-       if [ -e "${config_file}" ]; then
-               . ${config_file}
-               config_check
+       local last=$(( ${#var} - 1 ))
+       if [ ${last} -gt 0 ] && [ "${var:${last}:1}" = "\"" ]; then
+               var=${var:0:${last}}
        fi
+
+       print "${var}"
 }
 
 function config_write() {
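Review bot: `printf -v ${key} "%s" "${val}"` in config_read still assigns to whatever variable name the file supplies; when `valid_keys` is empty the `listmatch` guard is skipped entirely, so a config file can set arbitrary shell variables, including this function's own locals. A syntactic check on the key before the assignment closes this independently of the whitelist, e.g. `[[ "${key}" =~ ^[A-Za-z_][A-Za-z0-9_]*$ ]] || { log DEBUG "Ignoring invalid key: ${key}"; continue; }`. The same unvalidated name reaches `printf -v` in config_set (the `@@ -102,7 +154,7 @@` hunk). Separately, `cli_get_key ${line}`, `cli_get_val ${line}`, `config_strip ${val}` and `done < ${file}` are unquoted, so a quoted value containing whitespace or glob characters is split or expanded before it is stored — quote these expansions. In config_strip, `[ ${last} -gt 0 ]` leaves an empty quoted value `""` as a lone `"`; `-ge 0` handles that case.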
@@ -93,6 +137,14 @@ function config_hostname() {
        fi
 }
 
+function config_domainname() {
+       local hostname=$(config_hostname)
+
+       # Strip off the hostname part and just return
+       # the domain part.
+       print "${hostname#*.}"
+}
+
 function config_set() {
        while [ $# -gt 0 ]; do
                case "${1}" in
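Review bot: `print "${hostname#*.}"` in config_domainname returns the whole hostname when it contains no dot, because `#*.` removes nothing if the pattern does not match, so a host configured with a bare name is reported as its own domain. Guard the expansion, e.g. `case "${hostname}" in *.*) print "${hostname#*.}" ;; esac`, so a hostname without a domain part yields an empty result. config_hostname itself is outside this hunk, so whether it can return an empty or dotless value is inferred rather than visible here.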
@@ -102,7 +154,7 @@ function config_set() {
 
                                log INFO "Setting configuration option '${key}=${val}'".
 
-                               eval ${key}="${val}"
+                               printf -v ${key} "%s" "${val}"
                                ;;
                        *)
                                warning "Invalid parameter given: ${1}"
@@ -113,14 +165,15 @@ function config_set() {
 }
 
 function network_config_read() {
-       # Save state of DEBUG and restore it later.
-       local debug=${DEBUG}
-
-       config_read ${NETWORK_CONFIG_FILE}
+       local options=${NETWORK_CONFIG_FILE_PARAMS}
 
-       if [ -n "${debug}" ]; then
-               DEBUG=${debug}
+       # If the DEBUG variable has already been set,
+       # don't overwrite it.
+       if [ -n "${DEBUG}" ]; then
+               list_remove options DEBUG
        fi
+
+       config_read ${NETWORK_CONFIG_FILE} ${options}
 }
 
 function network_config_write() {
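Review bot: `options` can end up empty after `list_remove options DEBUG` (or when `NETWORK_CONFIG_FILE_PARAMS` is unset), and config_read treats an empty key list as "accept every key", so the whitelist, including the DEBUG protection this hunk introduces, silently turns into allow-all. An `assert isset options` before the `config_read` call, or an explicit "no keys" sentinel in config_read, would make that failure loud instead. firewall_config_read (the `@@ -135,7 +188,7 @@` hunk) has the same dependency on `FIREWALL_CONFIG_PARAMS` being non-empty. The semantics of `list_remove` are not visible here; this assumes it edits the named variable in place.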
@@ -135,7 +188,7 @@ function network_config_print() {
 }
 
 function firewall_config_read() {
-       config_read ${FIREWALL_CONFIG_FILE}
+       config_read ${FIREWALL_CONFIG_FILE} ${FIREWALL_CONFIG_PARAMS}
 }
 
 function firewall_config_write() {