gitlabFork/ISPConfig3.git - Solinfo Gitblit

parent: 061d7c84 | patch | commit | show whitespace

Marius Cramer

2014-07-29 64ea56164ad8f0f2cee5676f84d2d8f064e986e1

Improved input validation

9 files modified

	interface/lib/classes/functions.inc.php	18 ●●●●● patch \| view \| raw \| blame \| history
	interface/web/sites/web_domain_edit.php	4 ●●●●● patch \| view \| raw \| blame \| history
	server/lib/classes/system.inc.php	24 ●●●●● patch \| view \| raw \| blame \| history
	server/plugins-available/apache2_plugin.inc.php	3 ●●●●● patch \| view \| raw \| blame \| history
	server/plugins-available/cron_jailkit_plugin.inc.php	16 ●●●●● patch \| view \| raw \| blame \| history
	server/plugins-available/cron_plugin.inc.php	7 ●●●●● patch \| view \| raw \| blame \| history
	server/plugins-available/nginx_plugin.inc.php	5 ●●●●● patch \| view \| raw \| blame \| history
	server/plugins-available/shelluser_base_plugin.inc.php	14 ●●●●● patch \| view \| raw \| blame \| history
	server/plugins-available/shelluser_jailkit_plugin.inc.php	14 ●●●●● patch \| view \| raw \| blame \| history

 interface/lib/classes/functions.inc.php

@@ -424,6 +424,24 @@
        return implode("\n", $domains);
    }

    public function is_allowed_user($username, $restrict_names = false) {
        global $app;
		
        if($username == 'root') return false;
        if($restrict_names == true && preg_match('/^web\d+$/', $username) == false) return false;
		
        return true;
    }
	
    public function is_allowed_group($groupname, $restrict_names = false) {
        global $app;
		
        if($groupname == 'root') return false;
        if($restrict_names == true && preg_match('/^client\d+$/', $groupname) == false) return false;
		
        return true;
    }

}

?>

 interface/web/sites/web_domain_edit.php

@@ -607,9 +607,11 @@
            // When the record is updated
            if($this->id > 0) {
                // restore the server ID if the user is not admin and record is edited
                $tmp = $app->db->queryOneRecord("SELECT server_id, `cgi`, `ssi`, `perl`, `ruby`, `python`, `suexec`, `errordocs`, `subdomain`, `ssl` FROM web_domain WHERE domain_id = ".$app->functions->intval($this->id));
                $tmp = $app->db->queryOneRecord("SELECT server_id, `system_user`, `system_group`, `cgi`, `ssi`, `perl`, `ruby`, `python`, `suexec`, `errordocs`, `subdomain`, `ssl` FROM web_domain WHERE domain_id = ".$app->functions->intval($this->id));
                $this->dataRecord["server_id"] = $tmp["server_id"];

                $this->dataRecord['system_user'] = $tmp['system_user'];
                $this->dataRecord['system_group'] = $tmp['system_group'];
                // set the settings to current if not provided (or cleared due to limits)
                if($this->dataRecord['cgi'] == 'n') $this->dataRecord['cgi'] = $tmp['cgi'];
                if($this->dataRecord['ssi'] == 'n') $this->dataRecord['ssi'] = $tmp['ssi'];

 server/lib/classes/system.inc.php

@@ -34,6 +34,8 @@
    var $server_id;
    var $server_conf;
    var $data;
    var $min_uid = 500;
    var $min_gid = 500;

    /**
     * Construct for this class
@@ -1816,6 +1818,28 @@
        return true;
    }
    
    public function is_allowed_user($username, $check_id = true, $restrict_names = false) {
        global $app;
		
        if($username == 'root') return false;
        if($check_id && intval($this->getuid($username)) < $this->min_uid) return false;
		
        if($restrict_names == true && preg_match('/^web\d+$/', $username) == false) return false;
		
        return true;
    }
	
    public function is_allowed_group($groupname, $restrict_names = false) {
        global $app;
		
        if($groupname == 'root') return false;
        if(intval($this->getgid($groupname)) < $this->min_gid) return false;
		
        if($restrict_names == true && preg_match('/^client\d+$/', $groupname) == false) return false;
		
        return true;
    }
	
}

?>

 server/plugins-available/apache2_plugin.inc.php

@@ -344,7 +344,8 @@
            if($data['new']['type'] == 'vhost' || $data['new']['type'] == 'vhostsubdomain') $app->log('document_root not set', LOGLEVEL_WARN);
            return 0;
        }
        if($data['new']['system_user'] == 'root' or $data['new']['system_group'] == 'root') {
        if(!$app->system->is_allowed_user($data['new']['system_user'], false, true)
            || !$app->system->is_allowed_group($data['new']['system_group'], false, true)) {
            $app->log('Websites cannot be owned by the root user or group.', LOGLEVEL_WARN);
            return 0;
        }

 server/plugins-available/cron_jailkit_plugin.inc.php

@@ -80,10 +80,14 @@
        if(!$parent_domain["domain_id"]) {
            $app->log("Parent domain not found", LOGLEVEL_WARN);
            return 0;
        } elseif($parent_domain["system_user"] == 'root' or $parent_domain["system_group"] == 'root') {
            $app->log("Websites (and Crons) cannot be owned by the root user or group.", LOGLEVEL_WARN);
            return 0;
        }

        if(!$app->system->is_allowed_user($parent_domain['system_user'], true, true)
            || !$app->system->is_allowed_group($parent_domain['system_group'], true, true)) {
            $app->log("Websites (and Crons) cannot be owned by the root user or group.", LOGLEVEL_WARN);
            return false;
        }


        $this->parent_domain = $parent_domain;

@@ -155,9 +159,11 @@
        if(!$parent_domain["domain_id"]) {
            $app->log("Parent domain not found", LOGLEVEL_WARN);
            return 0;
        } elseif($parent_domain["system_user"] == 'root' or $parent_domain["system_group"] == 'root') {
        }
        if(!$app->system->is_allowed_user($parent_domain['system_user'], true, true)
            || !$app->system->is_allowed_group($parent_domain['system_group'], true, true)) {
            $app->log("Websites (and Crons) cannot be owned by the root user or group.", LOGLEVEL_WARN);
            return 0;
            return false;
        }

        $app->uses('system');

 server/plugins-available/cron_plugin.inc.php

@@ -96,9 +96,12 @@
        if(!$parent_domain["domain_id"]) {
            $app->log("Parent domain not found", LOGLEVEL_WARN);
            return 0;
        } elseif($parent_domain["system_user"] == 'root' or $parent_domain["system_group"] == 'root') {
        }

        if(!$app->system->is_allowed_user($parent_domain['system_user'], true, true)
            || !$app->system->is_allowed_group($parent_domain['system_group'], true, true)) {
            $app->log("Websites (and Crons) cannot be owned by the root user or group.", LOGLEVEL_WARN);
            return 0;
            return false;
        }

        // Get the client ID

 server/plugins-available/nginx_plugin.inc.php

@@ -351,10 +351,13 @@
            if($data['new']['type'] == 'vhost' || $data['new']['type'] == 'vhostsubdomain') $app->log('document_root not set', LOGLEVEL_WARN);
            return 0;
        }
        if($data['new']['system_user'] == 'root' or $data['new']['system_group'] == 'root') {

        if(!$app->system->is_allowed_user($data['new']['system_user'], false, true)
            || !$app->system->is_allowed_group($data['new']['system_group'], false, true)) {
            $app->log('Websites cannot be owned by the root user or group.', LOGLEVEL_WARN);
            return 0;
        }

        if(trim($data['new']['domain']) == '') {
            $app->log('domain is empty', LOGLEVEL_WARN);
            return 0;

 server/plugins-available/shelluser_base_plugin.inc.php

@@ -83,6 +83,13 @@
            return false;
        }

        if(!$app->system->is_allowed_user($data['new']['username'], false, false)
            || !$app->system->is_allowed_user($data['new']['puser'], true, true)
            || !$app->system->is_allowed_group($data['new']['pgroup'], true, true)) {
            $app->log('Shell user must not be root or in group root.',LOGLEVEL_WARN);
            return false;
        }

        if($app->system->is_user($data['new']['puser'])) {

            //* Remove webfolder protection
@@ -151,6 +158,13 @@
            return false;
        }

        if(!$app->system->is_allowed_user($data['new']['username'], false, false)
            || !$app->system->is_allowed_user($data['new']['puser'], true, true)
            || !$app->system->is_allowed_group($data['new']['pgroup'], true, true)) {
            $app->log('Shell user must not be root or in group root.',LOGLEVEL_WARN);
            return false;
        }
		
        if($app->system->is_user($data['new']['puser'])) {
            // Get the UID of the parent user
            $uid = intval($app->system->getuid($data['new']['puser']));

 server/plugins-available/shelluser_jailkit_plugin.inc.php

@@ -74,6 +74,13 @@
        $app->uses('system');
        $web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".$data['new']['parent_domain_id']);

        if(!$app->system->is_allowed_user($data['new']['username'], false, false)
            || !$app->system->is_allowed_user($data['new']['puser'], true, true)
            || !$app->system->is_allowed_group($data['new']['pgroup'], true, true)) {
            $app->log('Shell user must not be root or in group root.',LOGLEVEL_WARN);
            return false;
        }

        if($app->system->is_user($data['new']['puser'])) {
            // Get the UID of the parent user
            $uid = intval($app->system->getuid($data['new']['puser']));
@@ -139,6 +146,13 @@
        $app->uses('system');
        $web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".$data['new']['parent_domain_id']);

        if(!$app->system->is_allowed_user($data['new']['username'], false, false)
            || !$app->system->is_allowed_user($data['new']['puser'], true, true)
            || !$app->system->is_allowed_group($data['new']['pgroup'], true, true)) {
            $app->log('Shell user must not be root or in group root.',LOGLEVEL_WARN);
            return false;
        }

        if($app->system->is_user($data['new']['puser'])) {
            // Get the UID of the parent user
            $uid = intval($app->system->getuid($data['new']['puser']));

			@@ -424,6 +424,24 @@
			return implode("\n", $domains);
			}

			public function is_allowed_user($username, $restrict_names = false) {
			global $app;

			if($username == 'root') return false;
			if($restrict_names == true && preg_match('/^web\d+$/', $username) == false) return false;

			return true;
			}

			public function is_allowed_group($groupname, $restrict_names = false) {
			global $app;

			if($groupname == 'root') return false;
			if($restrict_names == true && preg_match('/^client\d+$/', $groupname) == false) return false;

			return true;
			}

			}

			?>

			@@ -607,9 +607,11 @@
			// When the record is updated
			if($this->id > 0) {
			// restore the server ID if the user is not admin and record is edited
			$tmp = $app->db->queryOneRecord("SELECT server_id, `cgi`, `ssi`, `perl`, `ruby`, `python`, `suexec`, `errordocs`, `subdomain`, `ssl` FROM web_domain WHERE domain_id = ".$app->functions->intval($this->id));
			$tmp = $app->db->queryOneRecord("SELECT server_id, `system_user`, `system_group`, `cgi`, `ssi`, `perl`, `ruby`, `python`, `suexec`, `errordocs`, `subdomain`, `ssl` FROM web_domain WHERE domain_id = ".$app->functions->intval($this->id));
			$this->dataRecord["server_id"] = $tmp["server_id"];

			$this->dataRecord['system_user'] = $tmp['system_user'];
			$this->dataRecord['system_group'] = $tmp['system_group'];
			// set the settings to current if not provided (or cleared due to limits)
			if($this->dataRecord['cgi'] == 'n') $this->dataRecord['cgi'] = $tmp['cgi'];
			if($this->dataRecord['ssi'] == 'n') $this->dataRecord['ssi'] = $tmp['ssi'];

			@@ -34,6 +34,8 @@
			var $server_id;
			var $server_conf;
			var $data;
			var $min_uid = 500;
			var $min_gid = 500;

			/**
			* Construct for this class
			@@ -1816,6 +1818,28 @@
			return true;
			}

			public function is_allowed_user($username, $check_id = true, $restrict_names = false) {
			global $app;

			if($username == 'root') return false;
			if($check_id && intval($this->getuid($username)) < $this->min_uid) return false;

			if($restrict_names == true && preg_match('/^web\d+$/', $username) == false) return false;

			return true;
			}

			public function is_allowed_group($groupname, $restrict_names = false) {
			global $app;

			if($groupname == 'root') return false;
			if(intval($this->getgid($groupname)) < $this->min_gid) return false;

			if($restrict_names == true && preg_match('/^client\d+$/', $groupname) == false) return false;

			return true;
			}

			}

			?>

			@@ -344,7 +344,8 @@
			if($data['new']['type'] == 'vhost' \|\| $data['new']['type'] == 'vhostsubdomain') $app->log('document_root not set', LOGLEVEL_WARN);
			return 0;
			}
			if($data['new']['system_user'] == 'root' or $data['new']['system_group'] == 'root') {
			if(!$app->system->is_allowed_user($data['new']['system_user'], false, true)
			\|\| !$app->system->is_allowed_group($data['new']['system_group'], false, true)) {
			$app->log('Websites cannot be owned by the root user or group.', LOGLEVEL_WARN);
			return 0;
			}

			@@ -80,10 +80,14 @@
			if(!$parent_domain["domain_id"]) {
			$app->log("Parent domain not found", LOGLEVEL_WARN);
			return 0;
			} elseif($parent_domain["system_user"] == 'root' or $parent_domain["system_group"] == 'root') {
			$app->log("Websites (and Crons) cannot be owned by the root user or group.", LOGLEVEL_WARN);
			return 0;
			}

			if(!$app->system->is_allowed_user($parent_domain['system_user'], true, true)
			\|\| !$app->system->is_allowed_group($parent_domain['system_group'], true, true)) {
			$app->log("Websites (and Crons) cannot be owned by the root user or group.", LOGLEVEL_WARN);
			return false;
			}


			$this->parent_domain = $parent_domain;

			@@ -155,9 +159,11 @@
			if(!$parent_domain["domain_id"]) {
			$app->log("Parent domain not found", LOGLEVEL_WARN);
			return 0;
			} elseif($parent_domain["system_user"] == 'root' or $parent_domain["system_group"] == 'root') {
			}
			if(!$app->system->is_allowed_user($parent_domain['system_user'], true, true)
			\|\| !$app->system->is_allowed_group($parent_domain['system_group'], true, true)) {
			$app->log("Websites (and Crons) cannot be owned by the root user or group.", LOGLEVEL_WARN);
			return 0;
			return false;
			}

			$app->uses('system');

			@@ -96,9 +96,12 @@
			if(!$parent_domain["domain_id"]) {
			$app->log("Parent domain not found", LOGLEVEL_WARN);
			return 0;
			} elseif($parent_domain["system_user"] == 'root' or $parent_domain["system_group"] == 'root') {
			}

			if(!$app->system->is_allowed_user($parent_domain['system_user'], true, true)
			\|\| !$app->system->is_allowed_group($parent_domain['system_group'], true, true)) {
			$app->log("Websites (and Crons) cannot be owned by the root user or group.", LOGLEVEL_WARN);
			return 0;
			return false;
			}

			// Get the client ID

			@@ -351,10 +351,13 @@
			if($data['new']['type'] == 'vhost' \|\| $data['new']['type'] == 'vhostsubdomain') $app->log('document_root not set', LOGLEVEL_WARN);
			return 0;
			}
			if($data['new']['system_user'] == 'root' or $data['new']['system_group'] == 'root') {

			if(!$app->system->is_allowed_user($data['new']['system_user'], false, true)
			\|\| !$app->system->is_allowed_group($data['new']['system_group'], false, true)) {
			$app->log('Websites cannot be owned by the root user or group.', LOGLEVEL_WARN);
			return 0;
			}

			if(trim($data['new']['domain']) == '') {
			$app->log('domain is empty', LOGLEVEL_WARN);
			return 0;

			@@ -83,6 +83,13 @@
			return false;
			}

			if(!$app->system->is_allowed_user($data['new']['username'], false, false)
			\|\| !$app->system->is_allowed_user($data['new']['puser'], true, true)
			\|\| !$app->system->is_allowed_group($data['new']['pgroup'], true, true)) {
			$app->log('Shell user must not be root or in group root.',LOGLEVEL_WARN);
			return false;
			}

			if($app->system->is_user($data['new']['puser'])) {

			//* Remove webfolder protection
			@@ -151,6 +158,13 @@
			return false;
			}

			if(!$app->system->is_allowed_user($data['new']['username'], false, false)
			\|\| !$app->system->is_allowed_user($data['new']['puser'], true, true)
			\|\| !$app->system->is_allowed_group($data['new']['pgroup'], true, true)) {
			$app->log('Shell user must not be root or in group root.',LOGLEVEL_WARN);
			return false;
			}

			if($app->system->is_user($data['new']['puser'])) {
			// Get the UID of the parent user
			$uid = intval($app->system->getuid($data['new']['puser']));

			@@ -74,6 +74,13 @@
			$app->uses('system');
			$web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".$data['new']['parent_domain_id']);

			if(!$app->system->is_allowed_user($data['new']['username'], false, false)
			\|\| !$app->system->is_allowed_user($data['new']['puser'], true, true)
			\|\| !$app->system->is_allowed_group($data['new']['pgroup'], true, true)) {
			$app->log('Shell user must not be root or in group root.',LOGLEVEL_WARN);
			return false;
			}

			if($app->system->is_user($data['new']['puser'])) {
			// Get the UID of the parent user
			$uid = intval($app->system->getuid($data['new']['puser']));
			@@ -139,6 +146,13 @@
			$app->uses('system');
			$web = $app->db->queryOneRecord("SELECT * FROM web_domain WHERE domain_id = ".$data['new']['parent_domain_id']);

			if(!$app->system->is_allowed_user($data['new']['username'], false, false)
			\|\| !$app->system->is_allowed_user($data['new']['puser'], true, true)
			\|\| !$app->system->is_allowed_group($data['new']['pgroup'], true, true)) {
			$app->log('Shell user must not be root or in group root.',LOGLEVEL_WARN);
			return false;
			}

			if($app->system->is_user($data['new']['puser'])) {
			// Get the UID of the parent user
			$uid = intval($app->system->getuid($data['new']['puser']));