Changeset 153

Timestamp:

10/21/11 18:00:14 (13 years ago)

Author:

Kris Deugau

Message:

/trunk

Start adding scope checks so that users can't casually access
data they have no way of linking to legitimately

File:

• trunk/dns.cgi (modified) (5 diffs)

trunk/dns.cgi

@@ -154 +154 @@
 initGlobals($dbh);
 
+# security check - does the user have permission to view this entity?
+# this is a prep step used "many" places
+my @viewablegroups;
+getChildren($dbh, $logingroup, \@viewablegroups, 'all');
+push @viewablegroups, $logingroup;
+
 # handle login redirect
 if ($webvar{action}) {
@@ -197 +203 @@
     # ... and the "change group" bits...
     $uri_self =~ s/\&group=[^&]*//g;
+
+# security check - does the user have permission to view this entity?
+  if (!(grep /^$webvar{group}$/, @viewablegroups)) {
+    # hmm.  Reset the current group to the login group?  Yes.  Prevents confusing behaviour elsewhere.
+    $session->param('curgroup',$logingroup);
+##fixme:  need to either carry the errmsg forward, or init the template earlier
+#    $page->param(errmsg => "You are not permitted to view or make changes in the requested group");
+    $curgroup = $logingroup;
+  }
 
     $session->param('curgroup', $webvar{group});
@@ -829 +844 @@
 
   if (defined($webvar{userstatus})) {
-    userStatus($dbh,$webvar{id},$webvar{userstatus});
+    # security check - does the user have permission to access this entity?
+    my $flag = 0;
+    foreach (@viewablegroups) {
+      $flag = 1 if isParent($dbh, $_, 'group', $webvar{id}, 'user');
+    }
+    if ($flag) {
+      userStatus($dbh,$webvar{id},$webvar{userstatus});
+    } else {
+      $page->param(errmsg => "You are not permitted to view or change the requested user");
+    }
   }
 
@@ -1545 +1569 @@
 
 sub listdomains {
+
+# security check - does the user have permission to view this entity?
+  my @viewablegroups;
+  getChildren($dbh, $logingroup, \@viewablegroups, 'all');
+  push @viewablegroups, $logingroup;
+  if (!(grep /^$curgroup$/, @viewablegroups)) {
+    # hmm.  Reset the current group to the login group?  Yes.  Prevents confusing behaviour elsewhere.
+    $session->param('curgroup',$logingroup);
+    $page->param(errmsg => "You are not permitted to view domains in the requested group");
+    $curgroup = $logingroup;
+  }
 
 #  $startwith = $session->param($webvar{page}.'startwith');
@@ -1634 +1669 @@
 sub listgroups {
 
+# security check - does the user have permission to view this entity?
+  my @viewablegroups;
+  getChildren($dbh, $logingroup, \@viewablegroups, 'all');
+  push @viewablegroups, $logingroup;
+  if (!(grep /^$curgroup$/, @viewablegroups)) {
+    # hmm.  Reset the current group to the login group?  Yes.  Prevents confusing behaviour elsewhere.
+    $session->param('curgroup',$logingroup);
+    $page->param(errmsg => "You are not permitted to view the requested group");
+    $curgroup = $logingroup;
+#    changepage(page => grpman, errmsg => "You are not permitted to view the requested group");
+#    return;
+  }
+# if ( grep { eq $curgroup }, @childlist ) {
+#   errmsg => "You are not permitted to view this group"
+#    return;
+# }
+
   my @childgroups;
   getChildren($dbh, $curgroup, \@childgroups, 'all') if $searchsubs;