author | alee <alee@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> | 2009-04-07 19:52:22 +0000 |
---|---|---|
committer | alee <alee@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> | 2009-04-07 19:52:22 +0000 |
commit | dfeb3f0369696b9722026d502d7c3f8a599462af (patch) | |
tree | ecbe2986e84e4874cfaa81fd9a73cfe2cafe66ac | |
parent | a2527f0314a8766bdeeb11831444a5b37b2cd074 (diff) | |
download | pki-dfeb3f0369696b9722026d502d7c3f8a599462af.tar.gz pki-dfeb3f0369696b9722026d502d7c3f8a599462af.tar.xz pki-dfeb3f0369696b9722026d502d7c3f8a599462af.zip |
Bugzilla BZ#484828: op.cgi allows RA agents to approve requests not assigned to their agent group
git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@377 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
-rwxr-xr-x | pki/base/ra/forms/agent/request/op.cgi | 15 | ||||
-rw-r--r-- | pki/dogtag/ra/pki-ra.spec | 4 |
2 files changed, 17 insertions, 2 deletions
diff --git a/pki/base/ra/forms/agent/request/op.cgi b/pki/base/ra/forms/agent/request/op.cgi
index f474fd376..a475c0d80 100755
--- a/pki/base/ra/forms/agent/request/op.cgi
+++ b/pki/base/ra/forms/agent/request/op.cgi
@@ -76,10 +76,22 @@ sub process()
 $queue->open($cfg);
 my $ref;
- my $pref = $queue->read_request($id);
+
+ my @roles = $self->get_current_roles($cfg);
+ my $pref = $queue->read_request_by_roles(\@roles, $id);
+
+ if (! defined $pref) {
+ $queue->close();
+ $self->debug_log($cfg, "Invalid attempt to process request id= " . $id .
+ " by userid= " . $uid);
+ print $q->redirect("/agent/error.cgi");
+ return;
+ }
+
 my $curr_status = $pref->{'status'};
 if ($type eq "approve") {
 if (($curr_status ne "OPEN") && ($curr_status ne "ERROR")) {
+ $queue->close();
 print $q->redirect("/agent/request/read.cgi?id=$id");
 return;
 }
@@ -87,6 +99,7 @@ sub process()
 $ref = $queue->approve_request($id, $uid);
 } elsif ($type eq "reject") {
 if (($curr_status ne "OPEN") && ($curr_status ne "ERROR")) {
+ $queue->close();
 print $q->redirect("/agent/request/read.cgi?id=$id");
 return;
 }
diff --git a/pki/dogtag/ra/pki-ra.spec b/pki/dogtag/ra/pki-ra.spec
index 98b8a7873..5007a5ed8 100644
--- a/pki/dogtag/ra/pki-ra.spec
+++ b/pki/dogtag/ra/pki-ra.spec
@@ -34,7 +34,7 @@
 ## Package Header Definitions
 %define base_name %{base_prefix}-%{base_component}
 %define base_version 1.1.0
-%define base_release 1
+%define base_release 2
 %define base_group System Environment/Daemons
 %define base_vendor Red Hat, Inc.
 %define base_license GPLv2 with exceptions
@@ -266,6 +266,8 @@ fi
 ###############################################################################
 %changelog
+* Tue Apr 7 2009 Ade Lee <alee@redhat.com> 1.1.0-2
+- Bugzilla Bug #484828 - op.cgi allows RA agents to approve requests not assigned to their agent groups
 * Sat Apr 4 2009 Matthew Harmsen <mharmsen@redhat.com> 1.1.0-1
 - Version update to Dogtag 1.1.0.
 * Sat Mar 28 2009 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-26 |
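Review bot: The role check added at the top of this hunk guards only the read; `$queue->approve_request($id, $uid)` in the next hunk (and presumably the reject call further down) still identifies the request by id alone, so the authorization lives in this one CGI rather than in the queue operation. Any other caller of those methods would not inherit the check (their bodies are not visible here), so either pass `\@roles` into the mutating calls or record the dependency with a comment such as `# authorization: $pref comes from read_request_by_roles; approve/reject below rely on it`. The denial is written only through `debug_log`, which may be disabled in production, and `$id` is concatenated into the message unmodified; if it arrives straight from the query string and request ids are numeric, constrain it first with `$id =~ /\A\d+\z/`. process() begins and ends outside the hunk.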
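Review bot: The `$queue->close();` added in the reject branch is the third hand-written copy of the same cleanup in process() — the denial path and the approve branch in the previous hunk carry the other two — so any early return added later can leave the queue open again. A single exit is sturdier: have each branch set a target, e.g. `$redirect = "/agent/request/read.cgi?id=$id";`, and run `$queue->close(); print $q->redirect($redirect); return;` in one place. process() continues past the end of the hunk, so the remaining return paths are worth checking for the same omission.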