Diffstat (limited to 'pki/base/tps/lib/perl/PKI/TPS/wizard.pm')
-rwxr-xr-x | pki/base/tps/lib/perl/PKI/TPS/wizard.pm | 35 |
1 files changed, 30 insertions, 5 deletions
diff --git a/pki/base/tps/lib/perl/PKI/TPS/wizard.pm b/pki/base/tps/lib/perl/PKI/TPS/wizard.pm
index 075893da2..1dc27b0d5 100755
--- a/pki/base/tps/lib/perl/PKI/TPS/wizard.pm
+++ b/pki/base/tps/lib/perl/PKI/TPS/wizard.pm
@@ -100,10 +100,15 @@ $config->load_file("$pkiroot/conf/CS.cfg");
 # read password cache file
 my $pwdconf = PKI::TPS::Config->new();
 $pwdconf->load_file("$pkiroot/conf/pwcache.conf");
+if( -e "$pkiroot/conf/pwcache.conf" ) {
+ system( "chmod 00660 $pkiroot/conf/pwcache.conf" );
+}
 # create cfg debug log
-open(DEBUG, ">>" . $config->get("service.instanceDir") .
- "/logs/debug");
+my $logfile = $config->get("service.instanceDir") . "/logs/debug";
+system( "touch $logfile" );
+system( "chmod 00660 $logfile" );
+open(DEBUG, ">>" . $logfile);
 # apache server
@@ -263,7 +268,10 @@ sub render_panel
 # fill in variables for new panel
 if ($currentpanel->{panelvars}) {
 $Data::Dumper::Indent = 1;
- &debug_log("q=".Dumper($q));
+ # The '&debug_log("q=".Dumper($q));' call must be commented out to fix
+ # Bugzilla Bug #249923: Incorrect file permissions on
+ # various files and/or directories
+ # &debug_log("q=".Dumper($q));
 $currentpanel->{panelvars}($q);
 }
@@ -323,7 +331,7 @@ sub handler {
 my $q = new CGI;
 # check cookie
- my $cookie = $q->cookie('pin');
+ my $cookie = $q->cookie('__pin');
 my $pin = $::config->get("preop.pin");
 if ($cookie ne $pin) {
 print $q->redirect("login");
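Review bot: In the `@@ -100,10 +100,15 @@` hunk the three added `system()` calls pass `$pkiroot` and `$logfile` through a shell and ignore the exit status. The debug log is also created by `touch` under the default umask and only narrowed afterwards, so it is briefly wider than 0660, and a path containing whitespace or shell metacharacters would be misparsed. Perl's built-in `chmod` plus a temporary `umask` around a three-argument `open` does the same job without a shell or that window, and lets failures be reported. The pwcache.conf chmod runs only after the file has been loaded, so it repairs an existing install rather than controlling creation; whatever writes that file is not visible in this hunk and should set the mode when it creates it.

```perl
# … unchanged: pwcache.conf is loaded into $pwdconf …
my $pwcache = "$pkiroot/conf/pwcache.conf";
if( -e $pwcache ) {
    chmod( 0660, $pwcache ) or warn "chmod $pwcache: $!";
}

# create cfg debug log
my $logfile = $config->get("service.instanceDir") . "/logs/debug";
my $old_umask = umask( 0007 );    # a newly created log is never wider than 0660
open(DEBUG, ">>", $logfile) or warn "open $logfile: $!";
umask( $old_umask );
chmod( 0660, $logfile ) or warn "chmod $logfile: $!";    # tighten a pre-existing log
```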
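Review bot: In the `@@ -263,7 +268,10 @@` hunk the new comment explains the disabled `Dumper($q)` call by a file-permissions bug, which does not tell a maintainer why the line must stay off. Presumably the concern is that dumping the CGI object writes every submitted value, passwords included, to the debug log. I would delete the dead line rather than keep it commented out, and state the reason directly: `# Never dump $q: Dumper($q) would write all request values, including passwords, to the debug log (Bug #249923).` The `$Data::Dumper::Indent = 1;` line above appears to serve only that call and can probably go with it. render_panel starts and ends outside the hunk.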
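Review bot: In the `@@ -323,7 +331,7 @@` hunk, the comparison two lines below the renamed cookie, `if ($cookie ne $pin)`, treats two undefined values as equal. A request with no `__pin` cookie would therefore pass whenever `preop.pin` is missing or empty in CS.cfg, assuming `get` returns undef for an absent key, which is not visible here. The guard should fail closed: `if (!defined $pin || $pin eq '' || !defined $cookie || $cookie ne $pin) {`. handler's body continues outside the hunk, and the code that sets the cookie is not shown, so confirm it was renamed to `__pin` in the same change.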
@@ -334,7 +342,24 @@ sub handler {
 &debug_log("TPS wizard: uri='" . $ENV{REQUEST_URI} . "'");
 my @pnames = $q->param();
 foreach $pn (@pnames) {
- if ($pn =~ /^__/) {
+ # added this facility so that password can be hidden,
+ # all sensitive parameters should be prefixed with
+ # __ (double underscores); however, in the event that
+ # a security parameter slips through, we perform multiple
+ # additional checks to insure that it is NOT displayed
+ if( $pn =~ /^__/ ||
+ $pn =~ /password$/ ||
+ $pn =~ /passwd$/ ||
+ $pn =~ /pwd$/ ||
+ $pn =~ /admin_password_again/i ||
+ $pn =~ /bindpassword/i ||
+ $pn =~ /bindpwd/i ||
+ $pn =~ /passwd/i ||
+ $pn =~ /password/i ||
+ $pn =~ /pin/i ||
+ $pn =~ /pwd/i ||
+ $pn =~ /pwdagain/i ||
+ $pn =~ /uPasswd/i ) {
 &debug_log("TPS wizard: http parameter name='" . $pn . "' value='(sensitive)'");
 } else {
 &debug_log("TPS wizard: http parameter name='" . $pn . "' value='" . $q->param($pn) . "'"); |
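Review bot: The `else` branch still writes `$q->param($pn)` verbatim for every name the list does not match, so a secret submitted under another name (for example a token or key field) is logged in clear, and neither name nor value is escaped for CR/LF. Logging names only, or values only for an explicit allow-list of known-harmless parameters, fails safe where the deny-list does not. If the deny-list stays, the thirteen tests collapse to two, since the unanchored `/password/i`, `/passwd/i` and `/pwd/i` already cover the anchored and longer forms: `if ($pn =~ /^__/ || $pn =~ /passw(?:or)?d|pwd|pin/i) {`. handler's body starts and ends outside the hunk.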