-rwxr-xr-xpki/base/ra/forms/agent/request/op.cgi15
-rw-r--r--pki/dogtag/ra/pki-ra.spec4
2 files changed, 17 insertions, 2 deletions
diff --git a/pki/base/ra/forms/agent/request/op.cgi b/pki/base/ra/forms/agent/request/op.cgi
index f474fd376..a475c0d80 100755
--- a/pki/base/ra/forms/agent/request/op.cgi
+++ b/pki/base/ra/forms/agent/request/op.cgi
@@ -76,10 +76,22 @@ sub process()
$queue->open($cfg);
my $ref;
- my $pref = $queue->read_request($id);
+
+ my @roles = $self->get_current_roles($cfg);
+ my $pref = $queue->read_request_by_roles(\@roles, $id);
+
+ if (! defined $pref) {
+ $queue->close();
+ $self->debug_log($cfg, "Invalid attempt to process request id= " . $id .
+ " by userid= " . $uid);
+ print $q->redirect("/agent/error.cgi");
+ return;
+ }
+
my $curr_status = $pref->{'status'};
if ($type eq "approve") {
if (($curr_status ne "OPEN") && ($curr_status ne "ERROR")) {
+ $queue->close();
print $q->redirect("/agent/request/read.cgi?id=$id");
return;
}
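Review bot: The denial branch records the rejected attempt only through `debug_log`, and it concatenates `$id` and `$uid` into the message unchanged. If `$id` comes from a request parameter (its origin is outside the hunk), a value containing line breaks could forge log entries, and a debug-level log may not be kept where authorization failures are reviewed. I would strip non-printable characters first, e.g. `(my $log_id = $id) =~ s/[^\x20-\x7e]/?/g;`, and also write the event to whatever audit log the RA keeps. The branch treats a missing id and an unauthorized id alike, which is reasonable for the response but deserves a comment such as `# undef: request missing or not visible to any of the agent's roles`. `process()` begins and ends outside the hunk.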
@@ -87,6 +99,7 @@ sub process()
$ref = $queue->approve_request($id, $uid);
} elsif ($type eq "reject") {
if (($curr_status ne "OPEN") && ($curr_status ne "ERROR")) {
+ $queue->close();
print $q->redirect("/agent/request/read.cgi?id=$id");
return;
}
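Review bot: `approve_request($id, $uid)` on the first context line still takes only the id and the uid, so the group restriction exists only as the earlier `read_request_by_roles` call in this script. If the queue methods are reachable from other CGI pages, or a request's group assignment can change between the read and the update, the state change itself is unchecked. Passing the roles into the approve and reject calls and refusing there would cover both cases, though the queue class is not shown, so this is inferred. At minimum a comment here, `# relies on the read_request_by_roles check above for authorization`, would document the dependency. The if/elsif chain continues past the end of the hunk.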
diff --git a/pki/dogtag/ra/pki-ra.spec b/pki/dogtag/ra/pki-ra.spec
index 98b8a7873..5007a5ed8 100644
--- a/pki/dogtag/ra/pki-ra.spec
+++ b/pki/dogtag/ra/pki-ra.spec
@@ -34,7 +34,7 @@
## Package Header Definitions
%define base_name %{base_prefix}-%{base_component}
%define base_version 1.1.0
-%define base_release 1
+%define base_release 2
%define base_group System Environment/Daemons
%define base_vendor Red Hat, Inc.
%define base_license GPLv2 with exceptions
@@ -266,6 +266,8 @@ fi
###############################################################################
%changelog
+* Tue Apr 7 2009 Ade Lee <alee@redhat.com> 1.1.0-2
+- Bugzilla Bug #484828 - op.cgi allows RA agents to approve requests not assigned to their agent groups
* Sat Apr 4 2009 Matthew Harmsen <mharmsen@redhat.com> 1.1.0-1
- Version update to Dogtag 1.1.0.
* Sat Mar 28 2009 Matthew Harmsen <mharmsen@redhat.com> 1.0.0-26