better tool protection

2012-07-22 10:37:01 +00:00 · 2012-07-22 10:37:01 +00:00 · 79fcf4ca0e
parent c2243010a2
commit 79fcf4ca0e
11 changed files with 46 additions and 8 deletions
--- a/lam/HISTORY
+++ b/lam/HISTORY
@ -1,4 +1,9 @@
-July 2012
+September 2012 3.9
+  - fixed bugs
+   -> Hidden tools are still shown in the "Tools" page (3546092)
+
+
+19.07.2012 3.8
  - quick (un)lock for users
  - allow to disable tools
  - LAM Pro:
--- a/lam/lib/security.inc
+++ b/lam/lib/security.inc
@ -3,7 +3,7 @@
 $Id$

  This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
-  Copyright (C) 2006 - 2010  Roland Gruber
+  Copyright (C) 2006 - 2012  Roland Gruber

  This program is free software; you can redistribute it and/or modify
  it under the terms of the GNU General Public License as published by
@ -291,4 +291,19 @@ function checkPasswordStrength($password) {
 	return true;
 }

+/**
+ * Checks if the given tool is active.
+ * Otherwise, an error message is logged and the execution is stopped (die()).
+ * 
+ * @param String $tool tool class name (e.g. toolFileUpload)
+ */
+function checkIfToolIsActive($tool) {
+	$toolSettings = $_SESSION['config']->getToolSettings();
+		// check if hidden by config
+	if (isset($toolSettings['tool_hide_' . $tool]) && ($toolSettings['tool_hide_' . $tool] == 'true')) {
+		logNewMessage(LOG_ERR, 'Unauthorized access to tool ' . $tool . ' denied.');
+		die();
+	}
+}
+
 ?>
--- a/lam/templates/masscreate.php
+++ b/lam/templates/masscreate.php
@ -46,6 +46,8 @@ startSecureSession();
 // die if no write access
 if (!checkIfWriteAccessIsAllowed()) die();

+checkIfToolIsActive('toolFileUpload');
+
 // Redirect to startpage if user is not loged in
 if (!isset($_SESSION['loggedIn']) || ($_SESSION['loggedIn'] !== true)) {
 	metaRefresh("login.php");
--- a/lam/templates/ou_edit.php
+++ b/lam/templates/ou_edit.php
@ -43,6 +43,8 @@ startSecureSession();
 // die if no write access
 if (!checkIfWriteAccessIsAllowed()) die();

+checkIfToolIsActive('toolOUEditor');
+
 setlanguage();

 $types = $_SESSION['config']->get_ActiveTypes();
--- a/lam/templates/pdfedit/pdfmain.php
+++ b/lam/templates/pdfedit/pdfmain.php
@ -4,7 +4,7 @@ $Id$

  This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
  Copyright (C) 2003 - 2006  Michael Duergner
-                2005 - 2011  Roland Gruber
+                2005 - 2012  Roland Gruber

  This program is free software; you can redistribute it and/or modify
  it under the terms of the GNU General Public License as published by
@ -47,6 +47,8 @@ startSecureSession();
 // die if no write access
 if (!checkIfWriteAccessIsAllowed()) die();

+checkIfToolIsActive('toolPDFEditor');
+
 setlanguage();

 // Unset pdf structure definitions in session if set
--- a/lam/templates/profedit/profilemain.php
+++ b/lam/templates/profedit/profilemain.php
@ -3,7 +3,7 @@
 $Id$

  This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
-  Copyright (C) 2003 - 2011  Roland Gruber
+  Copyright (C) 2003 - 2012  Roland Gruber

  This program is free software; you can redistribute it and/or modify
  it under the terms of the GNU General Public License as published by
@ -43,6 +43,8 @@ startSecureSession();
 // die if no write access
 if (!checkIfWriteAccessIsAllowed()) die();

+checkIfToolIsActive('toolProfileEditor');
+
 setlanguage();

 $types = $_SESSION['config']->get_ActiveTypes();
--- a/lam/templates/schema/schema.php
+++ b/lam/templates/schema/schema.php
@ -3,7 +3,7 @@
 $Id$

  Copyright (C) 2004 David Smith
-  modified to fit for LDAP Account Manager 2005 - 2010 Roland Gruber
+  modified to fit for LDAP Account Manager 2005 - 2012 Roland Gruber

  This program is free software; you can redistribute it and/or modify
  it under the terms of the GNU General Public License as published by
@ -43,6 +43,8 @@ require_once("../../lib/schema.inc");
 // start session
 startSecureSession();

+checkIfToolIsActive('toolSchemaBrowser');
+
 setlanguage();

 include '../main_header.php';
--- a/lam/templates/serverInfo.php
+++ b/lam/templates/serverInfo.php
@ -3,7 +3,7 @@
 $Id$

  This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
-  Copyright (C) 2009 - 2011  Roland Gruber
+  Copyright (C) 2009 - 2012  Roland Gruber

  This program is free software; you can redistribute it and/or modify
  it under the terms of the GNU General Public License as published by
@ -36,6 +36,8 @@ include_once("../lib/config.inc");
 // start session
 startSecureSession();

+checkIfToolIsActive('toolServerInformation');
+
 setlanguage();

 $namingContexts = '';
--- a/lam/templates/tests/index.php
+++ b/lam/templates/tests/index.php
@ -3,7 +3,7 @@
 $Id$

  This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
-  Copyright (C) 2006 - 2010  Roland Gruber
+  Copyright (C) 2006 - 2012  Roland Gruber

  This program is free software; you can redistribute it and/or modify
  it under the terms of the GNU General Public License as published by
@ -39,6 +39,8 @@ startSecureSession();
 // die if no write access
 if (!checkIfWriteAccessIsAllowed()) die();

+checkIfToolIsActive('toolTests');
+
 setlanguage();

 include '../main_header.php';
--- a/lam/templates/tests/lamdaemonTest.php
+++ b/lam/templates/tests/lamdaemonTest.php
@ -3,7 +3,7 @@
 $Id$

  This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
-  Copyright (C) 2006 - 2010  Roland Gruber
+  Copyright (C) 2006 - 2012  Roland Gruber

  This program is free software; you can redistribute it and/or modify
  it under the terms of the GNU General Public License as published by
@ -40,6 +40,8 @@ startSecureSession();
 // die if no write access
 if (!checkIfWriteAccessIsAllowed()) die();

+checkIfToolIsActive('toolTests');
+
 setlanguage();

 include '../main_header.php';
--- a/lam/templates/tests/schemaTest.php
+++ b/lam/templates/tests/schemaTest.php
@ -43,6 +43,8 @@ startSecureSession();
 // die if no write access
 if (!checkIfWriteAccessIsAllowed()) die();

+checkIfToolIsActive('toolTests');
+
 setlanguage();

 include '../main_header.php';