Changeset 155

Timestamp:

10/26/11 18:10:09 (13 years ago)

Author:

Kris Deugau

Message:

/trunk

Tweak DNSDB::isParent slightly; treat all groups as being their own parent
Remove stale $offset fiddling in page -> bulkdomain
Add error-reporting TMPL_IF on record data page
Continued scope-checking changes:

• rearrange group-changing check a little to allow propagating the error message without hardcoding it twice
• handle the special case of group-change while on the default record list page
• new sub, check_scope, to do the real checking
• use new sub checking access to individual records (both record and parent domain/group)
• check target for bulk domain move, as well as source domains in bulkchange
• check AXFR target group

Location:

trunk

Files:

• DNSDB.pm (modified) (2 diffs)
• dns.cgi (modified) (13 diffs)
• templates/record.tmpl (modified) (2 diffs)

trunk/DNSDB.pm

@@ -1488 +1488 @@
   return 1 if $type1 eq 'group' && $id1 == 1;
 
+  # groups are always (a) parent of themselves
+  return 1 if $type1 eq 'group' && $type2 eq 'group' && $id1 == $id2;
+
 # almost the same loop as getParents() above
   my $id = $id2;
   my $type = $type2;
   my $foundparent = 0;
-my $tmp = 0;
+
   while (1) {
-my $sql = "SELECT $par_col{$type} FROM $par_tbl{$type} WHERE $id_col{$type} = ?";
+    my $sql = "SELECT $par_col{$type} FROM $par_tbl{$type} WHERE $id_col{$type} = ?";
     my $result = $dbh->selectrow_hashref($sql,
         undef, ($id) ) or warn $dbh->errstr." $sql";
@@ -1505 +1508 @@
     $id = $result->{$par_col{$type}};
     $type = $par_type{$type};
-last if $tmp++ > 10;
   }
 

trunk/dns.cgi

@@ -207 +207 @@
 
     # security check - does the user have permission to view this entity?
+    my $errmsg;
     if (!(grep /^$webvar{group}$/, @viewablegroups)) {
       # hmm.  Reset the current group to the login group?  Yes.  Prevents confusing behaviour elsewhere.
@@ -212 +213 @@
       $webvar{group} = $logingroup;
       $curgroup = $logingroup;
-      $page->param(errmsg => "You are not permitted to view or make changes in the requested group");
+      $errmsg = "You are not permitted to view or make changes in the requested group";
+      $page->param(errmsg => $errmsg);
     }
 
     $session->param('curgroup', $webvar{group});
     $curgroup = ($webvar{group} ? $webvar{group} : $session->param('curgroup'));
+
+    # I hate special cases.
+    if ($webvar{page} eq 'reclist' && $webvar{defrec} eq 'y') {
+      my %args = (page => $webvar{page}, id => $curgroup, defrec => $webvar{defrec});
+      $args{errmsg} = $errmsg if $errmsg;
+      changepage(%args);
+    }
+
   }
 } # handle global webvar{action}s
@@ -390 +400 @@
 
 } elsif ($webvar{page} eq 'record') {
+
+  # security check - does the user have permission to access this entity?
+  if (!check_scope($webvar{id}, ($webvar{defrec} eq 'y' ? 'defrec' : 'record'))) {
+    $page->param(perm_err => "You are not permitted to add or edit the requested record");
+    goto DONEREC;
+  }
+  # round 2, check the parent.
+  if (!check_scope($webvar{parentid}, ($webvar{defrec} eq 'y' ? 'group' : 'domain'))) {
+    my $msg = ($webvar{defrec} eq 'y' ?
+        "You are not permitted to add or edit default records in the requested group" :
+        "You are not permitted to add or edit records in the requested domain");
+    $page->param(perm_err => $msg);
+    goto DONEREC;
+  }
+
 
   if ($webvar{recact} eq 'new') {
@@ -519 +544 @@
     $page->param(dohere => domainName($dbh,$webvar{parentid}));
   }
+
+  # Yes, this is a GOTO target.  PTBHTTT.
+  DONEREC: ;
 
 } elsif ($webvar{page} eq 'delrec') {
@@ -750 +778 @@
   fill_pgcount($count,'domains',groupName($dbh,$curgroup));
   fill_fpnla($count);
-  $page->param(offset => $offset);      # since apparently this isn't set explicitly elsewhere.  Who knew?
   $page->param(perpage => $perpage);
 
@@ -777 +804 @@
 } elsif ($webvar{page} eq 'bulkchange') {
 
+  # security check - does the user have permission to access this entity?
+  if (!check_scope($webvar{destgroup}, 'group')) {
+    $page->param(errmsg => "You are not permitted to make bulk changes in the requested group");
+    goto DONEBULK;
+  }
+
   if ($webvar{action} eq 'move') {
     changepage(page => "domlist", errmsg => "You are not permitted to bulk-move domains")
@@ -789 +822 @@
       my %row;
       next unless $_ =~ /^dom_\d+$/;
+      # second security check - does the user have permission to meddle with this domain?
+      if (!check_scope($webvar{$_}, 'domain')) {
+        $row{domerr} = "You are not permitted to make changes to the requested domain";
+        $row{domain} = $webvar{$_};
+        push @bulkresults, \%row;
+        next;
+      }
       $row{domain} = domainName($dbh,$webvar{$_});
       my ($code, $msg) = changeGroup($dbh, 'domain', $webvar{$_}, $webvar{destgroup});
@@ -812 +852 @@
       my %row;
       next unless $_ =~ /^dom_\d+$/;
+      # second security check - does the user have permission to meddle with this domain?
+      if (!check_scope($webvar{$_}, 'domain')) {
+        $row{domerr} = "You are not permitted to make changes to the requested domain";
+        $row{domain} = $webvar{$_};
+        push @bulkresults, \%row;
+        next;
+      }
       $row{domain} = domainName($dbh,$webvar{$_});
 ##fixme:  error handling on status change
@@ -832 +879 @@
       my %row;
       next unless $_ =~ /^dom_\d+$/;
+      # second security check - does the user have permission to meddle with this domain?
+      if (!check_scope($webvar{$_}, 'domain')) {
+        $row{domerr} = "You are not permitted to make changes to the requested domain";
+        $row{domain} = $webvar{$_};
+        push @bulkresults, \%row;
+        next;
+      }
       $row{domain} = domainName($dbh,$webvar{$_});
       my $pargroup = parentID($webvar{$_}, 'dom', 'group');
@@ -851 +905 @@
   # not going to handle the unknown $webvar{action} else;  it should not be possible in normal
   # operations, and anyone who meddles with the URL gets what they deserve.
+
+  # Yes, this is a GOTO target.  PTHBTTT.
+  DONEBULK: ;
 
 } elsif ($webvar{page} eq 'useradmin') {
@@ -1172 +1229 @@
   $webvar{doit} = '' if !defined($webvar{doit});
 
+  # security check - does the user have permission to access this entity?
+  if (!check_scope($webvar{group}, 'group')) {
+    $page->param(errmsg => "You are not permitted to import domains into the requested group");
+    goto DONEAXFR;
+  }
+
   if ($webvar{doit} eq 'y' && !$webvar{ifrom}) {
     $page->param(errmsg => "Need to set host to import from");
@@ -1200 +1263 @@
     $page->param(axfrresults => \@results);
   }
+
+  # Yes, this is a GOTO target.  PTBHTTT.
+  DONEAXFR: ;
 
 } elsif ($webvar{page} eq 'whoisq') {
@@ -1972 +2038 @@
   }
 }
+
+# so simple when defined as a sub instead of inline.  O_o
+sub check_scope {
+  my $entity = shift;
+  my $entype = shift;
+
+  if ($entype eq 'group') {
+    return 1 if grep /^$entity$/, @viewablegroups;
+  } else {
+    foreach (@viewablegroups) {
+      return 1 if isParent($dbh, $_, 'group', $entity, $entype);
+    }
+  }
+}

trunk/templates/record.tmpl

@@ -4 +4 @@
 
 <td align="center" valign="top">
+
+<TMPL_IF perm_err>
+<div class='errmsg'><TMPL_VAR NAME=perm_err></div>
+<TMPL_ELSE>
 
 <form action="dns.cgi" method="post">
@@ -62 +66 @@
 
 </fieldset>
-</form>    
+</form>   
+ 
+</TMPL_IF>
 
 </td>