better tool protection

lam/HISTORY

@@ -1,4 +1,9 @@
-July 2012
+September 2012 3.9
+  - fixed bugs
+   -> Hidden tools are still shown in the "Tools" page (3546092)
+
+
+19.07.2012 3.8
   - quick (un)lock for users
   - allow to disable tools
   - LAM Pro:

lam/lib/security.inc

@@ -3,7 +3,7 @@
 $Id$
 
   This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
-  Copyright (C) 2006 - 2010  Roland Gruber
+  Copyright (C) 2006 - 2012  Roland Gruber
 
   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
@@ -291,4 +291,19 @@ function checkPasswordStrength($password) {
 	return true;
 }
 
+/**
+ * Checks if the given tool is active.
+ * Otherwise, an error message is logged and the execution is stopped (die()).
+ * 
+ * @param String $tool tool class name (e.g. toolFileUpload)
+ */
+function checkIfToolIsActive($tool) {
+	$toolSettings = $_SESSION['config']->getToolSettings();
+		// check if hidden by config
+	if (isset($toolSettings['tool_hide_' . $tool]) && ($toolSettings['tool_hide_' . $tool] == 'true')) {
+		logNewMessage(LOG_ERR, 'Unauthorized access to tool ' . $tool . ' denied.');
+		die();
+	}
+}
+
 ?>

lam/templates/masscreate.php

@@ -46,6 +46,8 @@ startSecureSession();
 // die if no write access
 if (!checkIfWriteAccessIsAllowed()) die();
 
+checkIfToolIsActive('toolFileUpload');
+
 // Redirect to startpage if user is not loged in
 if (!isset($_SESSION['loggedIn']) || ($_SESSION['loggedIn'] !== true)) {
 	metaRefresh("login.php");

lam/templates/ou_edit.php

@@ -43,6 +43,8 @@ startSecureSession();
 // die if no write access
 if (!checkIfWriteAccessIsAllowed()) die();
 
+checkIfToolIsActive('toolOUEditor');
+
 setlanguage();
 
 $types = $_SESSION['config']->get_ActiveTypes();

lam/templates/pdfedit/pdfmain.php

@@ -4,7 +4,7 @@ $Id$
 
   This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
   Copyright (C) 2003 - 2006  Michael Duergner
-                2005 - 2011  Roland Gruber
+                2005 - 2012  Roland Gruber
 
   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
@@ -47,6 +47,8 @@ startSecureSession();
 // die if no write access
 if (!checkIfWriteAccessIsAllowed()) die();
 
+checkIfToolIsActive('toolPDFEditor');
+
 setlanguage();
 
 // Unset pdf structure definitions in session if set

lam/templates/profedit/profilemain.php

@@ -3,7 +3,7 @@
 $Id$
 
   This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
-  Copyright (C) 2003 - 2011  Roland Gruber
+  Copyright (C) 2003 - 2012  Roland Gruber
 
   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
@@ -43,6 +43,8 @@ startSecureSession();
 // die if no write access
 if (!checkIfWriteAccessIsAllowed()) die();
 
+checkIfToolIsActive('toolProfileEditor');
+
 setlanguage();
 
 $types = $_SESSION['config']->get_ActiveTypes();

lam/templates/schema/schema.php

@@ -3,7 +3,7 @@
 $Id$
 
   Copyright (C) 2004 David Smith
-  modified to fit for LDAP Account Manager 2005 - 2010 Roland Gruber
+  modified to fit for LDAP Account Manager 2005 - 2012 Roland Gruber
 
   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
@@ -43,6 +43,8 @@ require_once("../../lib/schema.inc");
 // start session
 startSecureSession();
 
+checkIfToolIsActive('toolSchemaBrowser');
+
 setlanguage();
 
 include '../main_header.php';

lam/templates/serverInfo.php

@@ -3,7 +3,7 @@
 $Id$
 
   This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
-  Copyright (C) 2009 - 2011  Roland Gruber
+  Copyright (C) 2009 - 2012  Roland Gruber
 
   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
@@ -36,6 +36,8 @@ include_once("../lib/config.inc");
 // start session
 startSecureSession();
 
+checkIfToolIsActive('toolServerInformation');
+
 setlanguage();
 
 $namingContexts = '';

lam/templates/tests/index.php

@@ -3,7 +3,7 @@
 $Id$
 
   This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
-  Copyright (C) 2006 - 2010  Roland Gruber
+  Copyright (C) 2006 - 2012  Roland Gruber
 
   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
@@ -39,6 +39,8 @@ startSecureSession();
 // die if no write access
 if (!checkIfWriteAccessIsAllowed()) die();
 
+checkIfToolIsActive('toolTests');
+
 setlanguage();
 
 include '../main_header.php';

lam/templates/tests/lamdaemonTest.php

@@ -3,7 +3,7 @@
 $Id$
 
   This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
-  Copyright (C) 2006 - 2010  Roland Gruber
+  Copyright (C) 2006 - 2012  Roland Gruber
 
   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
@@ -40,6 +40,8 @@ startSecureSession();
 // die if no write access
 if (!checkIfWriteAccessIsAllowed()) die();
 
+checkIfToolIsActive('toolTests');
+
 setlanguage();
 
 include '../main_header.php';

lam/templates/tests/schemaTest.php

@@ -43,6 +43,8 @@ startSecureSession();
 // die if no write access
 if (!checkIfWriteAccessIsAllowed()) die();
 
+checkIfToolIsActive('toolTests');
+
 setlanguage();
 
 include '../main_header.php';