authorDavid Sommerseth <dazo@users.sourceforge.net>2009-04-01 23:15:39 +0200
committerDavid Sommerseth <dazo@users.sourceforge.net>2009-04-01 23:15:39 +0200
commitef24b50ee95a855bf84bcaefd4e8ae1954e45fe8 (patch)
tree6c522aad4dca44489d42cf70b1825fbb7a01c345 /database
parentd3ee2cba48273b3f0da6d3adeaabbf642ce5c7ae (diff)
Security enhancement: Added check in eDBadmin* functions that the context is correct
Diffstat (limited to 'database')
-rw-r--r--database/sqlite/administration.c96
-rw-r--r--database/sqlite/firewalladmin.c6
2 files changed, 102 insertions, 0 deletions
diff --git a/database/sqlite/administration.c b/database/sqlite/administration.c
index e95cd8a..18752a6 100644
--- a/database/sqlite/administration.c
+++ b/database/sqlite/administration.c
@@ -324,6 +324,12 @@ int eDBadminLogout(eurephiaCTX *ctx, const char *sessionkey) {
DEBUG(ctx, 20, "Function call: eDBadminLogout(ctx, '%s')", sessionkey);
assert((ctx != NULL) && (sessionkey != NULL));
+ if( (ctx->context_type != ECTX_ADMIN_CONSOLE) && (ctx->context_type != ECTX_ADMIN_WEB) ) {
+ eurephia_log(ctx, LOG_CRITICAL, 0,
+ "eurephia admin function call attempted with wrong context type");
+ return 0;
+ }
+
// Update session as logged out
res = sqlite_query(ctx,
"UPDATE eurephia_adminlog "
@@ -355,6 +361,12 @@ int eDBadminConfigSet(eurephiaCTX *ctx, const char *key, const char *val) {
DEBUG(ctx, 20, "Function call: eDBadminConfigSet(ctx, '%s', '%s')", key, val);
assert((ctx != NULL) && (ctx->dbc != NULL));
+ if( (ctx->context_type != ECTX_ADMIN_CONSOLE) && (ctx->context_type != ECTX_ADMIN_WEB) ) {
+ eurephia_log(ctx, LOG_CRITICAL, 0,
+ "eurephia admin function call attempted with wrong context type");
+ return 0;
+ }
+
res = sqlite_query(ctx, "SELECT count(*) FROM openvpn_config WHERE datakey = '%q'", key);
if( !res ) {
eurephia_log(ctx, LOG_ERROR, 0, "Could not query configuration table");
@@ -387,6 +399,12 @@ int eDBadminConfigDelete(eurephiaCTX *ctx, const char *key) {
DEBUG(ctx, 20, "Function call: eDBadminConfigDelete(ctx, '%s') ", key);
assert((ctx != NULL) && (ctx->dbc != NULL));
+ if( (ctx->context_type != ECTX_ADMIN_CONSOLE) && (ctx->context_type != ECTX_ADMIN_WEB) ) {
+ eurephia_log(ctx, LOG_CRITICAL, 0,
+ "eurephia admin function call attempted with wrong context type");
+ return 0;
+ }
+
res = sqlite_query(ctx, "DELETE FROM openvpn_config WHERE datakey = '%q'", key);
if( !res ) {
eurephia_log(ctx, LOG_ERROR, 0, "Could delete config configuration entry (%s)", key);
@@ -406,6 +424,12 @@ xmlDoc *eDBadminGetUserList(eurephiaCTX *ctx, const char *sortkeys) {
DEBUG(ctx, 20, "Function call: eDBadminGetUserList(ctx, '%s')", sortkeys);
assert((ctx != NULL) && (ctx->dbc != 0));
+ if( (ctx->context_type != ECTX_ADMIN_CONSOLE) && (ctx->context_type != ECTX_ADMIN_WEB) ) {
+ eurephia_log(ctx, LOG_CRITICAL, 0,
+ "eurephia admin function call attempted with wrong context type");
+ return NULL;
+ }
+
// Convert the input sort keys to the proper database field names
dbsort = eDBmkSortKeyString(tbl_sqlite_users, sortkeys);
@@ -473,6 +497,12 @@ xmlDoc *eDBadminGetUserInfo(eurephiaCTX *ctx, int getInfo, xmlDoc *srch) {
DEBUG(ctx, 20, "Function call: eDBadminGetUserUserInfo(ctx, %i, {xmlDoc})", getInfo);
assert( (ctx != NULL) && (srch != NULL) );
+ if( (ctx->context_type != ECTX_ADMIN_CONSOLE) && (ctx->context_type != ECTX_ADMIN_WEB) ) {
+ eurephia_log(ctx, LOG_CRITICAL, 0,
+ "eurephia admin function call attempted with wrong context type");
+ return NULL;
+ }
+
fieldmap = eurephiaXML_getRoot(ctx, srch, "fieldMapping", 1);
uinfo_map = eDBxmlMapping(ctx, tbl_sqlite_users, "u", fieldmap);
@@ -745,6 +775,12 @@ int eDBadminAddUser(eurephiaCTX *ctx, xmlDoc *usrinf) {
DEBUG(ctx, 20, "Function call: eDBadminAddUser(ctx, xmlDoc)");
assert( (ctx != NULL) && (usrinf != NULL) );
+ if( (ctx->context_type != ECTX_ADMIN_CONSOLE) && (ctx->context_type != ECTX_ADMIN_WEB) ) {
+ eurephia_log(ctx, LOG_CRITICAL, 0,
+ "eurephia admin function call attempted with wrong context type");
+ return 0;
+ }
+
// Get the add_user node, and then find the fieldMapping node
usrinf_n = eurephiaXML_getRoot(ctx, usrinf, "add_user", 1);
if( usrinf_n == NULL ) {
@@ -799,6 +835,12 @@ int eDBadminUpdateUser(eurephiaCTX *ctx, const int uid, xmlDoc *usrinf) {
DEBUG(ctx, 20, "Function call: eDBadminUpdateUser(ctx, %i, xmlDoc)", uid);
assert( (ctx != NULL) && (usrinf != NULL) );
+ if( (ctx->context_type != ECTX_ADMIN_CONSOLE) && (ctx->context_type != ECTX_ADMIN_WEB) ) {
+ eurephia_log(ctx, LOG_CRITICAL, 0,
+ "eurephia admin function call attempted with wrong context type");
+ return 0;
+ }
+
// Get the update_user node
root_n = eurephiaXML_getRoot(ctx, usrinf, "update_user", 1);
if( root_n == NULL ) {
@@ -858,6 +900,12 @@ int eDBadminDeleteUser(eurephiaCTX *ctx, const int uid, xmlDoc *usrinf) {
DEBUG(ctx, 20, "Function call: eDBadminDeleteUser(ctx, %i, xmlDoc)", uid);
assert( (ctx != NULL) && (usrinf != NULL) );
+ if( (ctx->context_type != ECTX_ADMIN_CONSOLE) && (ctx->context_type != ECTX_ADMIN_WEB) ) {
+ eurephia_log(ctx, LOG_CRITICAL, 0,
+ "eurephia admin function call attempted with wrong context type");
+ return 0;
+ }
+
// Get the delete_user node
usrinf_n = eurephiaXML_getRoot(ctx, usrinf, "delete_user", 1);
if( usrinf_n == NULL ) {
@@ -929,6 +977,12 @@ xmlDoc *eDBadminGetCertificateInfo(eurephiaCTX *ctx, xmlDoc *srchxml, const char
DEBUG(ctx, 20, "Function call: eDBadminGetCertificateInfo(ctx, xmlDoc, '%s')", sortkeys);
assert( (ctx != NULL) && (srchxml != NULL) );
+ if( (ctx->context_type != ECTX_ADMIN_CONSOLE) && (ctx->context_type != ECTX_ADMIN_WEB) ) {
+ eurephia_log(ctx, LOG_CRITICAL, 0,
+ "eurephia admin function call attempted with wrong context type");
+ return NULL;
+ }
+
if( sortkeys != NULL ) {
dbsort = eDBmkSortKeyString(tbl_sqlite_certs, sortkeys);
}
@@ -1021,6 +1075,12 @@ int eDBadminAddCertificate(eurephiaCTX *ctx, xmlDoc *certxml) {
DEBUG(ctx, 20, "Function call: eDBadminAddCertificate(ctx, xmlDoc)");
assert( (ctx != NULL) && (certxml != NULL) );
+ if( (ctx->context_type != ECTX_ADMIN_CONSOLE) && (ctx->context_type != ECTX_ADMIN_WEB) ) {
+ eurephia_log(ctx, LOG_CRITICAL, 0,
+ "eurephia admin function call attempted with wrong context type");
+ return 0;
+ }
+
crtinf_n = eurephiaXML_getRoot(ctx, certxml, "register_certificate", 1);
if( crtinf_n == NULL ) {
eurephia_log(ctx, LOG_ERROR, 0, "Could not find a valid XML for registering certificate");
@@ -1084,6 +1144,12 @@ int eDBadminDeleteCertificate(eurephiaCTX *ctx, xmlDoc *certxml) {
DEBUG(ctx, 20, "Function call: eDBadminDeleteCertificate(ctx, xmlDoc)");
assert( (ctx != NULL) && (certxml != NULL) );
+ if( (ctx->context_type != ECTX_ADMIN_CONSOLE) && (ctx->context_type != ECTX_ADMIN_WEB) ) {
+ eurephia_log(ctx, LOG_CRITICAL, 0,
+ "eurephia admin function call attempted with wrong context type");
+ return 0;
+ }
+
crtinf_n = eurephiaXML_getRoot(ctx, certxml, "delete_certificate", 1);
if( crtinf_n == NULL ) {
eurephia_log(ctx, LOG_ERROR, 0, "Could not find a valid XML for the delete certificate request");
@@ -1133,6 +1199,12 @@ xmlDoc *eDBadminGetUserCertsList(eurephiaCTX *ctx, const char *sortkeys) {
DEBUG(ctx, 20, "Function call: eDBadminGetUserCertsList(ctx, '%s')", sortkeys);
assert( ctx != NULL );
+ if( (ctx->context_type != ECTX_ADMIN_CONSOLE) && (ctx->context_type != ECTX_ADMIN_WEB) ) {
+ eurephia_log(ctx, LOG_CRITICAL, 0,
+ "eurephia admin function call attempted with wrong context type");
+ return NULL;
+ }
+
if( sortkeys != NULL ) {
dbsort = eDBmkSortKeyString(tbl_sqlite_usercerts, sortkeys);
}
@@ -1202,6 +1274,12 @@ int eDBadminUpdateUserCertLink(eurephiaCTX *ctx, xmlDoc *usrcrt_xml) {
DEBUG(ctx, 20, "Function call: eDBadminUpdateUserCertLink(ctx, xmlDoc)");
assert( (ctx != NULL) && (usrcrt_xml != NULL) );
+ if( (ctx->context_type != ECTX_ADMIN_CONSOLE) && (ctx->context_type != ECTX_ADMIN_WEB) ) {
+ eurephia_log(ctx, LOG_CRITICAL, 0,
+ "eurephia admin function call attempted with wrong context type");
+ return 0;
+ }
+
usrcrt_n = eurephiaXML_getRoot(ctx, usrcrt_xml, "usercerts_link", 1);
if( usrcrt_n == NULL ) {
eurephia_log(ctx, LOG_ERROR, 0, "Could not find a valid XML for the user-certs link request");
@@ -1263,6 +1341,12 @@ xmlDoc *eDBadminGetAdminAccess(eurephiaCTX *ctx, xmlDoc *srch) {
DEBUG(ctx, 20, "Function call: eDBadminGetAdminAccess(ctx, {xmlDoc})");
assert( (ctx != NULL) && (srch != NULL) );
+ if( (ctx->context_type != ECTX_ADMIN_CONSOLE) && (ctx->context_type != ECTX_ADMIN_WEB) ) {
+ eurephia_log(ctx, LOG_CRITICAL, 0,
+ "eurephia admin function call attempted with wrong context type");
+ return 0;
+ }
+
tmp_n = eurephiaXML_getRoot(ctx, srch, "admin_access", 1);
fieldmap_n = xmlFindNode(tmp_n, "fieldMapping");
fmap = eDBxmlMapping(ctx, tbl_sqlite_eurephiaadmacc, "eac", fieldmap_n);
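Review bot: eDBadminGetAdminAccess returns `xmlDoc *`, yet the new guard exits with `return 0;` while every other xmlDoc* function in this commit (eDBadminGetUserList, eDBadminGetUserInfo, eDBadminGetCertificateInfo, eDBadminGetUserCertsList, eDBadminGetLastlog) uses `return NULL;`. The value is the same null pointer, but the mismatch reads like a copy-paste slip and hides the return type from a reader; change it to `return NULL;`. The function's body continues outside the hunk.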
@@ -1327,6 +1411,12 @@ int eDBadminEditAdminAccess(eurephiaCTX *ctx, xmlDoc *grant_xml) {
DEBUG(ctx, 20, "Function call: eDBadminEditAdminAccess(ctx, xmlDoc)");
assert( (ctx != NULL) && (grant_xml != NULL) );
+ if( (ctx->context_type != ECTX_ADMIN_CONSOLE) && (ctx->context_type != ECTX_ADMIN_WEB) ) {
+ eurephia_log(ctx, LOG_CRITICAL, 0,
+ "eurephia admin function call attempted with wrong context type");
+ return 0;
+ }
+
grant_n = eurephiaXML_getRoot(ctx, grant_xml, "edit_admin_access", 1);
if( grant_n == NULL ) {
eurephia_log(ctx, LOG_ERROR, 0, "Could not find a valid XML for the user-certs link request");
@@ -1381,6 +1471,12 @@ xmlDoc *eDBadminGetLastlog(eurephiaCTX *ctx, xmlDoc *srch, const char *sortkeys)
DEBUG(ctx, 20, "Function call: eDBadminGetLastLog(ctx, {xmlDoc})");
assert( (ctx != NULL) && (srch != NULL) );
+ if( (ctx->context_type != ECTX_ADMIN_CONSOLE) && (ctx->context_type != ECTX_ADMIN_WEB) ) {
+ eurephia_log(ctx, LOG_CRITICAL, 0,
+ "eurephia admin function call attempted with wrong context type");
+ return NULL;
+ }
+
tmp1 = eurephiaXML_getRoot(ctx, srch, "lastlog_query", 1);
fieldmap_n = xmlFindNode(tmp1, "fieldMapping");
fmap = eDBxmlMapping(ctx, tbl_sqlite_lastlog, "ll", fieldmap_n);
diff --git a/database/sqlite/firewalladmin.c b/database/sqlite/firewalladmin.c
index 2877f76..6f0cf44 100644
--- a/database/sqlite/firewalladmin.c
+++ b/database/sqlite/firewalladmin.c
@@ -148,6 +148,12 @@ xmlDoc *eDBadminFirewallProfiles(eurephiaCTX *ctx, xmlDoc *srch) {
DEBUG(ctx, 20, "Function call: eDBadminFirewallProfiles(ctx, {xmlDoc})");
assert( (ctx != NULL) && (srch != NULL) );
+ if( (ctx->context_type != ECTX_ADMIN_CONSOLE) && (ctx->context_type != ECTX_ADMIN_WEB) ) {
+ eurephia_log(ctx, LOG_CRITICAL, 0,
+ "eurephia admin function call attempted with wrong context type");
+ return NULL;
+ }
+
root_n = eurephiaXML_getRoot(ctx, srch, "firewall_profiles", 1);
if( root_n == NULL ) {
eurephia_log(ctx, LOG_CRITICAL, 0, "Invalid XML input.");