From 8cb6f8ffd31ec33479c9696c5263b7a8e27fe273 Mon Sep 17 00:00:00 2001
From: Marius Cramer <m.cramer@pixcept.de>
Date: Fri, 05 Jun 2015 04:40:23 -0400
Subject: [PATCH] Merge branch 'stable-3.0.5'
---
interface/web/sites/lib/lang/de_shell_user.lng | 2
interface/web/tools/dns_import_tupa.php | 7 +
interface/web/admin/language_add.php | 9 ++
interface/web/sites/lib/lang/ar_shell_user.lng | 2
interface/web/themes/default/templates/form.tpl.htm | 4
interface/web/tools/resync.php | 11 ++
interface/web/admin/remote_action_osupdate.php | 9 ++
interface/web/vm/openvz_action.php | 9 ++
interface/web/admin/language_import.php | 9 ++
server/plugins-available/shelluser_base_plugin.inc.php | 8 +
interface/web/admin/language_edit.php | 9 ++
interface/lib/classes/auth.inc.php | 50 ++++++++++++
interface/web/admin/language_complete.php | 8 ++
interface/web/dns/dns_wizard.php | 10 ++
interface/web/client/client_message.php | 10 ++
interface/lib/classes/tform_base.inc.php | 14 +--
interface/web/admin/server_config_edit.php | 10 +
interface/lib/lang/de.lng | 1
interface/web/sites/lib/lang/en_shell_user.lng | 2
interface/web/tools/import_ispconfig.php | 9 ++
interface/web/admin/remote_action_ispcupdate.php | 9 ++
21 files changed, 181 insertions(+), 21 deletions(-)
diff --git a/interface/lib/classes/auth.inc.php b/interface/lib/classes/auth.inc.php
index e281c03..4c97757 100644
--- a/interface/lib/classes/auth.inc.php
+++ b/interface/lib/classes/auth.inc.php
@@ -222,6 +222,56 @@
$salt.="$";
return crypt($cleartext_password, $salt);
}
+
+ public function csrf_token_get($form_name) {
+ /* CSRF PROTECTION */
+ // generate csrf protection id and key
+ $_csrf_id = uniqid($form_name . '_'); // form id
+ $_csrf_key = sha1(uniqid(microtime(true), true)); // the key
+ if(!isset($_SESSION['_csrf'])) $_SESSION['_csrf'] = array();
+ if(!isset($_SESSION['_csrf_timeout'])) $_SESSION['_csrf_timeout'] = array();
+ $_SESSION['_csrf'][$_csrf_id] = $_csrf_key;
+ $_SESSION['_csrf_timeout'][$_csrf_id] = time() + 3600; // timeout hash in 1 hour
+
+ return array('csrf_id' => $_csrf_id,'csrf_key' => $_csrf_key);
+ }
+
+ public function csrf_token_check() {
+ global $app;
+
+ if(isset($_POST) && is_array($_POST)) {
+ $_csrf_valid = false;
+ if(isset($_POST['_csrf_id']) && isset($_POST['_csrf_key'])) {
+ $_csrf_id = trim($_POST['_csrf_id']);
+ $_csrf_key = trim($_POST['_csrf_key']);
+ if(isset($_SESSION['_csrf']) && isset($_SESSION['_csrf'][$_csrf_id]) && isset($_SESSION['_csrf_timeout']) && isset($_SESSION['_csrf_timeout'][$_csrf_id])) {
+ if($_SESSION['_csrf'][$_csrf_id] === $_csrf_key && $_SESSION['_csrf_timeout'] >= time()) $_csrf_valid = true;
+ }
+ }
+ if($_csrf_valid !== true) {
+ $app->log('CSRF attempt blocked. Referer: ' . (isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : 'unknown'), LOGLEVEL_WARN);
+ $app->error($app->lng('err_csrf_attempt_blocked'));
+ }
+ $_SESSION['_csrf'][$_csrf_id] = null;
+ $_SESSION['_csrf_timeout'][$_csrf_id] = null;
+ unset($_SESSION['_csrf'][$_csrf_id]);
+ unset($_SESSION['_csrf_timeout'][$_csrf_id]);
+
+ if(isset($_SESSION['_csrf_timeout']) && is_array($_SESSION['_csrf_timeout'])) {
+ $to_unset = array();
+ foreach($_SESSION['_csrf_timeout'] as $_csrf_id => $timeout) {
+ if($timeout < time()) $to_unset[] = $_csrf_id;
+ }
+ foreach($to_unset as $_csrf_id) {
+ $_SESSION['_csrf'][$_csrf_id] = null;
+ $_SESSION['_csrf_timeout'][$_csrf_id] = null;
+ unset($_SESSION['_csrf'][$_csrf_id]);
+ unset($_SESSION['_csrf_timeout'][$_csrf_id]);
+ }
+ unset($to_unset);
+ }
+ }
+ }
}
diff --git a/interface/lib/classes/tform_base.inc.php b/interface/lib/classes/tform_base.inc.php
index 104217d..784e96a 100644
--- a/interface/lib/classes/tform_base.inc.php
+++ b/interface/lib/classes/tform_base.inc.php
@@ -416,12 +416,10 @@
/* CSRF PROTECTION */
// generate csrf protection id and key
- $_csrf_id = uniqid($this->formDef['name'] . '_');
- $_csrf_value = sha1(uniqid(microtime(true), true));
- if(!isset($_SESSION['_csrf'])) $_SESSION['_csrf'] = array();
- if(!isset($_SESSION['_csrf_timeout'])) $_SESSION['_csrf_timeout'] = array();
- $_SESSION['_csrf'][$_csrf_id] = $_csrf_value;
- $_SESSION['_csrf_timeout'][$_csrf_id] = time() + 3600; // timeout hash in 1 hour
+ $csrf_token = $app->auth->csrf_token_get($this->formDef['name']);
+ $_csrf_id = $csrf_token['csrf_id'];
+ $_csrf_value = $csrf_token['csrf_key'];
+
$this->formDef['tabs'][$tab]['fields']['_csrf_id'] = array(
'datatype' => 'VARCHAR',
'formtype' => 'TEXT',
@@ -714,10 +712,6 @@
unset($_POST);
unset($record);
}
- $_SESSION['_csrf'][$_csrf_id] = null;
- $_SESSION['_csrf_timeout'][$_csrf_id] = null;
- unset($_SESSION['_csrf'][$_csrf_id]);
- unset($_SESSION['_csrf_timeout'][$_csrf_id]);
if(isset($_SESSION['_csrf_timeout']) && is_array($_SESSION['_csrf_timeout'])) {
$to_unset = array();
diff --git a/interface/lib/lang/de.lng b/interface/lib/lang/de.lng
index 1fc1152..fb35c30 100644
--- a/interface/lib/lang/de.lng
+++ b/interface/lib/lang/de.lng
@@ -43,6 +43,7 @@
$wb['latest_news_txt'] = 'Neuigkeiten';
$wb['err_csrf_attempt_blocked'] = 'CSRF-Versuch blockiert.';
$wb['top_menu_vm'] = 'vServer';
+$wb['err_csrf_attempt_blocked'] = 'CSRF-Versuch blockiert.';
$wb['daynamesmin_su'] = 'So';
$wb['daynamesmin_mo'] = 'Mo';
$wb['daynamesmin_tu'] = 'Di';
diff --git a/interface/web/admin/language_add.php b/interface/web/admin/language_add.php
index 8c488c3..f58a2db 100644
--- a/interface/web/admin/language_add.php
+++ b/interface/web/admin/language_add.php
@@ -65,6 +65,10 @@
$app->tpl->setVar('error', $error);
if(isset($_POST['lng_new']) && strlen($_POST['lng_new']) == 2 && $error == '') {
+
+ //* CSRF Check
+ $app->auth->csrf_token_check();
+
$lng_new = $_POST['lng_new'];
if(!preg_match("/^[a-z]{2}$/i", $lng_new)) die('unallowed characters in language name.');
@@ -94,6 +98,11 @@
$app->tpl->setVar('msg', $msg);
+//* SET csrf token
+$csrf_token = $app->auth->csrf_token_get('language_add');
+$app->tpl->setVar('_csrf_id',$csrf_token['csrf_id']);
+$app->tpl->setVar('_csrf_key',$csrf_token['csrf_key']);
+
//* load language file
$lng_file = 'lib/lang/'.$_SESSION['s']['language'].'_language_add.lng';
include $lng_file;
diff --git a/interface/web/admin/language_complete.php b/interface/web/admin/language_complete.php
index d8f4bbd..d28e89a 100644
--- a/interface/web/admin/language_complete.php
+++ b/interface/web/admin/language_complete.php
@@ -67,6 +67,9 @@
// Export the language file
if(isset($_POST['lng_select']) && $error == '') {
+ //* CSRF Check
+ $app->auth->csrf_token_check();
+
// complete the global langauge file
merge_langfile(ISPC_LIB_PATH."/lang/".$selected_language.".lng", ISPC_LIB_PATH."/lang/en.lng");
@@ -157,6 +160,11 @@
$app->tpl->setVar('msg', $msg);
+//* SET csrf token
+$csrf_token = $app->auth->csrf_token_get('language_merge');
+$app->tpl->setVar('_csrf_id',$csrf_token['csrf_id']);
+$app->tpl->setVar('_csrf_key',$csrf_token['csrf_key']);
+
//* load language file
$lng_file = 'lib/lang/'.$_SESSION['s']['language'].'_language_complete.lng';
include $lng_file;
diff --git a/interface/web/admin/language_edit.php b/interface/web/admin/language_edit.php
index 7d83b9b..c94a5eb 100644
--- a/interface/web/admin/language_edit.php
+++ b/interface/web/admin/language_edit.php
@@ -55,6 +55,10 @@
//* Save data
if(isset($_POST['records']) && is_array($_POST['records'])) {
+
+ //* CSRF Check
+ $app->auth->csrf_token_check();
+
$file_content = "<?php\n";
foreach($_POST['records'] as $key => $val) {
$val = stripslashes($val);
@@ -93,6 +97,11 @@
unset($wb);
}
+//* SET csrf token
+$csrf_token = $app->auth->csrf_token_get('language_edit');
+$app->tpl->setVar('_csrf_id',$csrf_token['csrf_id']);
+$app->tpl->setVar('_csrf_key',$csrf_token['csrf_key']);
+
//* load language file
$lng_file = 'lib/lang/'.$_SESSION['s']['language'].'_language_edit.lng';
diff --git a/interface/web/admin/language_import.php b/interface/web/admin/language_import.php
index d53575b..00d105c 100644
--- a/interface/web/admin/language_import.php
+++ b/interface/web/admin/language_import.php
@@ -129,6 +129,10 @@
// Export the language file
if(isset($_FILES['file']['name']) && is_uploaded_file($_FILES['file']['tmp_name'])) {
+
+ //* CSRF Check
+ $app->auth->csrf_token_check();
+
$lines = file($_FILES['file']['tmp_name']);
// initial check
$parts = explode('|', $lines[0]);
@@ -183,6 +187,11 @@
$app->tpl->setVar('msg', $msg);
$app->tpl->setVar('error', $error);
+//* SET csrf token
+$csrf_token = $app->auth->csrf_token_get('language_import');
+$app->tpl->setVar('_csrf_id',$csrf_token['csrf_id']);
+$app->tpl->setVar('_csrf_key',$csrf_token['csrf_key']);
+
//* load language file
$lng_file = 'lib/lang/'.$_SESSION['s']['language'].'_language_import.lng';
include $lng_file;
diff --git a/interface/web/admin/remote_action_ispcupdate.php b/interface/web/admin/remote_action_ispcupdate.php
index 2634006..f22661e 100644
--- a/interface/web/admin/remote_action_ispcupdate.php
+++ b/interface/web/admin/remote_action_ispcupdate.php
@@ -66,6 +66,10 @@
//* Note: Disabled post action
if (1 == 0 && isset($_POST['server_select'])) {
+
+ //* CSRF Check
+ $app->auth->csrf_token_check();
+
$server = $_POST['server_select'];
$servers = array();
if ($server == '*') {
@@ -88,6 +92,11 @@
$app->tpl->setVar('msg', $msg);
+//* SET csrf token
+$csrf_token = $app->auth->csrf_token_get('ispupdate');
+$app->tpl->setVar('_csrf_id',$csrf_token['csrf_id']);
+$app->tpl->setVar('_csrf_key',$csrf_token['csrf_key']);
+
$app->tpl->setVar($wb);
$app->tpl_defaults();
diff --git a/interface/web/admin/remote_action_osupdate.php b/interface/web/admin/remote_action_osupdate.php
index 8f48e29..5e73cdf 100644
--- a/interface/web/admin/remote_action_osupdate.php
+++ b/interface/web/admin/remote_action_osupdate.php
@@ -62,6 +62,10 @@
* If the user wants to do the action, write this to our db
*/
if (isset($_POST['server_select'])) {
+
+ //* CSRF Check
+ $app->auth->csrf_token_check();
+
$server = $_POST['server_select'];
$servers = array();
if ($server == '*') {
@@ -84,6 +88,11 @@
$app->tpl->setVar('msg', $msg);
+//* SET csrf token
+$csrf_token = $app->auth->csrf_token_get('osupdate');
+$app->tpl->setVar('_csrf_id',$csrf_token['csrf_id']);
+$app->tpl->setVar('_csrf_key',$csrf_token['csrf_key']);
+
$app->tpl->setVar($wb);
$app->tpl_defaults();
diff --git a/interface/web/admin/server_config_edit.php b/interface/web/admin/server_config_edit.php
index d64b6dd..4c03e7e 100644
--- a/interface/web/admin/server_config_edit.php
+++ b/interface/web/admin/server_config_edit.php
@@ -93,10 +93,14 @@
}
}
- $server_config_array[$section] = $app->tform->encode($this->dataRecord, $section);
- $server_config_str = $app->ini_parser->get_ini_string($server_config_array);
+ if($app->tform->errorMessage == '') {
+ $server_config_array[$section] = $app->tform->encode($this->dataRecord, $section);
+ $server_config_str = $app->ini_parser->get_ini_string($server_config_array);
- $app->db->datalogUpdate('server', array("config" => $server_config_str), 'server_id', $server_id);
+ $app->db->datalogUpdate('server', array("config" => $server_config_str), 'server_id', $server_id);
+ } else {
+ $app->error('Security breach!');
+ }
}
}
diff --git a/interface/web/client/client_message.php b/interface/web/client/client_message.php
index 0e3bd2e..eb8bcdb 100644
--- a/interface/web/client/client_message.php
+++ b/interface/web/client/client_message.php
@@ -51,7 +51,10 @@
//* Save data
if(isset($_POST) && count($_POST) > 1) {
-
+
+ //* CSRF Check
+ $app->auth->csrf_token_check();
+
//* Check values
if(!preg_match("/^\w+[\w\.\-\+]*\w{0,}@\w+[\w.-]*\w+\.[a-zA-Z0-9\-]{2,30}$/i", $_POST['sender'])) $error .= $wb['sender_invalid_error'].'<br />';
if(empty($_POST['subject'])) $error .= $wb['subject_invalid_error'].'<br />';
@@ -161,6 +164,11 @@
}
$app->tpl->setVar('message_variables', trim($message_variables));
+//* SET csrf token
+$csrf_token = $app->auth->csrf_token_get('client_message');
+$app->tpl->setVar('_csrf_id',$csrf_token['csrf_id']);
+$app->tpl->setVar('_csrf_key',$csrf_token['csrf_key']);
+
$app->tpl->setVar('okmsg', $msg);
$app->tpl->setVar('error', $error);
diff --git a/interface/web/dns/dns_wizard.php b/interface/web/dns/dns_wizard.php
index 198245b..1800259 100644
--- a/interface/web/dns/dns_wizard.php
+++ b/interface/web/dns/dns_wizard.php
@@ -197,7 +197,10 @@
}
if($_POST['create'] == 1) {
-
+
+ //* CSRF Check
+ $app->auth->csrf_token_check();
+
$error = '';
if ($post_server_id)
@@ -430,6 +433,11 @@
$app->tpl->setVar("title", 'DNS Wizard');
+//* SET csrf token
+$csrf_token = $app->auth->csrf_token_get('dns_wizard');
+$app->tpl->setVar('_csrf_id',$csrf_token['csrf_id']);
+$app->tpl->setVar('_csrf_key',$csrf_token['csrf_key']);
+
$lng_file = 'lib/lang/'.$_SESSION['s']['language'].'_dns_wizard.lng';
include $lng_file;
$app->tpl->setVar($wb);
diff --git a/interface/web/sites/lib/lang/ar_shell_user.lng b/interface/web/sites/lib/lang/ar_shell_user.lng
index 0b274d3..eac85fd 100644
--- a/interface/web/sites/lib/lang/ar_shell_user.lng
+++ b/interface/web/sites/lib/lang/ar_shell_user.lng
@@ -1,6 +1,6 @@
<?php
$wb['shell_txt'] = 'Shell';
-$wb['dir_txt'] = 'Dir';
+$wb['dir_txt'] = 'Base Dir';
$wb['server_id_txt'] = 'Server';
$wb['parent_domain_id_txt'] = 'Site';
$wb['username_txt'] = 'Username';
diff --git a/interface/web/sites/lib/lang/de_shell_user.lng b/interface/web/sites/lib/lang/de_shell_user.lng
index 4ae442c..9130b45 100644
--- a/interface/web/sites/lib/lang/de_shell_user.lng
+++ b/interface/web/sites/lib/lang/de_shell_user.lng
@@ -1,6 +1,6 @@
<?php
$wb['shell_txt'] = 'Shell';
-$wb['dir_txt'] = 'Verzeichnis';
+$wb['dir_txt'] = 'Basis Verzeichnis';
$wb['server_id_txt'] = 'Server';
$wb['parent_domain_id_txt'] = 'Webseite';
$wb['username_txt'] = 'Benutzername';
diff --git a/interface/web/sites/lib/lang/en_shell_user.lng b/interface/web/sites/lib/lang/en_shell_user.lng
index 66d3367..1b605b5 100644
--- a/interface/web/sites/lib/lang/en_shell_user.lng
+++ b/interface/web/sites/lib/lang/en_shell_user.lng
@@ -2,7 +2,7 @@
$wb['puser_txt'] = "Web Username";
$wb['pgroup_txt'] = "Web Group";
$wb['shell_txt'] = "Shell";
-$wb['dir_txt'] = "Dir";
+$wb['dir_txt'] = "Base Dir";
$wb['server_id_txt'] = "Server";
$wb['parent_domain_id_txt'] = "Site";
$wb['username_txt'] = "Username";
diff --git a/interface/web/themes/default/templates/form.tpl.htm b/interface/web/themes/default/templates/form.tpl.htm
index 429bfd9..a2d3dfc 100644
--- a/interface/web/themes/default/templates/form.tpl.htm
+++ b/interface/web/themes/default/templates/form.tpl.htm
@@ -1 +1,3 @@
-<tmpl_dyninclude name="content_tpl">
\ No newline at end of file
+<tmpl_dyninclude name="content_tpl">
+<input type="hidden" name="_csrf_id" value="{tmpl_var name='_csrf_id'}" />
+<input type="hidden" name="_csrf_key" value="{tmpl_var name='_csrf_key'}" />
\ No newline at end of file
diff --git a/interface/web/tools/dns_import_tupa.php b/interface/web/tools/dns_import_tupa.php
index b81a83b..849a097 100644
--- a/interface/web/tools/dns_import_tupa.php
+++ b/interface/web/tools/dns_import_tupa.php
@@ -45,6 +45,9 @@
// Resyncing dns zones
if(isset($_POST['start']) && $_POST['start'] == 1) {
+
+ //* CSRF Check
+ $app->auth->csrf_token_check();
//* Set variable sin template
$app->tpl->setVar('dbhost', $_POST['dbhost']);
@@ -181,6 +184,10 @@
$app->tpl->setVar('msg', $msg);
$app->tpl->setVar('error', $error);
+//* SET csrf token
+$csrf_token = $app->auth->csrf_token_get('dns_import');
+$app->tpl->setVar('_csrf_id',$csrf_token['csrf_id']);
+$app->tpl->setVar('_csrf_key',$csrf_token['csrf_key']);
$app->tpl_defaults();
$app->tpl->pparse();
diff --git a/interface/web/tools/import_ispconfig.php b/interface/web/tools/import_ispconfig.php
index 0998d18..efcf022 100644
--- a/interface/web/tools/import_ispconfig.php
+++ b/interface/web/tools/import_ispconfig.php
@@ -49,6 +49,10 @@
$app->tpl->setVar($wb);
if(isset($_POST['connected'])) {
+
+ //* CSRF Check
+ $app->auth->csrf_token_check();
+
$connected = $app->functions->intval($_POST['connected']);
if($connected == 0) {
@@ -133,6 +137,11 @@
$app->tpl->setVar('msg', $msg);
$app->tpl->setVar('error', $error);
+//* SET csrf token
+$csrf_token = $app->auth->csrf_token_get('ispconfig_import');
+$app->tpl->setVar('_csrf_id',$csrf_token['csrf_id']);
+$app->tpl->setVar('_csrf_key',$csrf_token['csrf_key']);
+
$app->tpl_defaults();
$app->tpl->pparse();
diff --git a/interface/web/tools/resync.php b/interface/web/tools/resync.php
index e99e511..2e6af49 100644
--- a/interface/web/tools/resync.php
+++ b/interface/web/tools/resync.php
@@ -368,6 +368,10 @@
}
}
+ $csrf_token = $app->auth->csrf_token_get('tools_resync');
+ $app->tpl->setVar('_csrf_id', $csrf_token['csrf_id']);
+ $app->tpl->setVar('_csrf_key', $csrf_token['csrf_key']);
+
parent::onShowEnd();
}
@@ -418,7 +422,12 @@
function onSubmit() {
global $app;
-
+
+ if(isset($_POST) && count($_POST) > 1) {
+ //* CSRF Check
+ $app->auth->csrf_token_check();
+ }
+
//* all services
if($this->dataRecord['resync_all'] == 1) {
$this->dataRecord['resync_sites'] = 1;
diff --git a/interface/web/vm/openvz_action.php b/interface/web/vm/openvz_action.php
index 757f55e..4b429eb 100644
--- a/interface/web/vm/openvz_action.php
+++ b/interface/web/vm/openvz_action.php
@@ -17,6 +17,10 @@
if($vm_id == 0) die('Invalid VM ID');
+if(isset($_POST) && count($_POST) > 1) {
+ //* CSRF Check
+ $app->auth->csrf_token_check();
+}
$vm = $app->db->queryOneRecord("SELECT server_id, veid FROM openvz_vm WHERE vm_id = ?", $vm_id);
$veid = $app->functions->intval($vm['veid']);
$server_id = $app->functions->intval($vm['server_id']);
@@ -112,6 +116,11 @@
$app->tpl->setVar($options);
$app->tpl->setVar('error', $error_msg);
+//* SET csrf token
+$csrf_token = $app->auth->csrf_token_get('openvz_action');
+$app->tpl->setVar('_csrf_id',$csrf_token['csrf_id']);
+$app->tpl->setVar('_csrf_key',$csrf_token['csrf_key']);
+
$app->tpl_defaults();
$app->tpl->pparse();
diff --git a/server/plugins-available/shelluser_base_plugin.inc.php b/server/plugins-available/shelluser_base_plugin.inc.php
index a0ae9a5..d66428b 100755
--- a/server/plugins-available/shelluser_base_plugin.inc.php
+++ b/server/plugins-available/shelluser_base_plugin.inc.php
@@ -237,7 +237,7 @@
$app->system->chgrp(escapeshellcmd($data['new']['dir'].'/home'),escapeshellcmd($data['new']['pgroup']));
}
$app->file->mkdirs(escapeshellcmd($homedir), '0750');
- $app->system->chown(escapeshellcmd($homedir),escapeshellcmd($data['new']['username']));
+ $app->system->chown(escapeshellcmd($homedir),escapeshellcmd($data['new']['puser']));
$app->system->chgrp(escapeshellcmd($homedir),escapeshellcmd($data['new']['pgroup']));
$app->system->web_folder_protection($web['document_root'], true);
} else {
@@ -407,6 +407,12 @@
}
$sshrsa = trim($sshrsa);
$usrdir = escapeshellcmd($this->data['new']['dir']);
+ //* Home directory of the new shell user
+ if($this->data['new']['chroot'] == 'jailkit') {
+ $usrdir = escapeshellcmd($this->data['new']['dir']);
+ } else {
+ $usrdir = escapeshellcmd($this->data['new']['dir'].'/home/'.$this->data['new']['username']);
+ }
$sshdir = $usrdir.'/.ssh';
$sshkeys= $usrdir.'/.ssh/authorized_keys';
--
Gitblit v1.9.1