Factor out check for root-ish user into a separate function https://github.com/webmin/webmin/issues/1635

Jamie Cameron
2022-05-14 11:38:03 -07:00
parent 3a6426858d
commit 6a2334bf8b
4 changed files with 17 additions and 9 deletions

File diff suppressed because one or more lines are too long


@@ -13,10 +13,7 @@ $force_lang = $default_lang;
print "Content-type: text/plain\n\n";
# Can this user make remote calls?
%access = &get_module_acl();
if ($access{'rpc'} == 0 || $access{'rpc'} == 2 &&
$base_remote_user ne 'admin' && $base_remote_user ne 'root' &&
$base_remote_user ne 'sysadm') {
if (!&webmin_user_is_admin()) {
print "0 Invalid user for RPC\n";
exit;
}


@@ -27,10 +27,7 @@ $| = 1;
print "Content-type: text/plain\n\n";
# Can this user make remote calls?
%access = &get_module_acl();
if ($access{'rpc'} == 0 || $access{'rpc'} == 2 &&
$base_remote_user ne 'admin' && $base_remote_user ne 'root' &&
$base_remote_user ne 'sysadm') {
if (!&webmin_user_is_admin()) {
print &serialise_variable( { 'status' => 0 } );
exit;
}


@@ -12118,6 +12118,20 @@ my ($variable, $scope) = @_;
return &globals('delete', $variable, $scope);
}
# webmin_user_is_admin([username])
# Returns 1 if the given user should be considered fully trusted
sub webmin_user_is_admin
{
my ($user) = @_;
$user ||= $base_remote_user;
my %access = &get_module_acl($user, "");
return 1 if ($access{'rpc'} == 0); # Can make arbitary RPC calls
return 0 if ($access{'rpc'} == 1); # Cannot make RPCs
# Assume that standard admin usernames are root-capable as a fallback
return $user eq 'admin' || $user eq 'root' || $user eq 'sysadm';
}
$done_web_lib_funcs = 1;
1;
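Review bot: The two early returns in webmin_user_is_admin look inverted relative to the check this commit removes from the callers. The old condition rejected the request when `$access{'rpc'} == 0` and applied the admin/root/sysadm name test only for 2, so 1 was the allow value, yet the helper returns 1 for 0 and 0 for 1. As written, a user whose ACL denies RPC (or has no `rpc` key, since undef compares equal to 0) is reported as fully trusted, while a user explicitly granted RPC is rejected by both callers in the first two file sections. I would swap them to `return 1 if ($access{'rpc'} == 1);` and `return 0 if ($access{'rpc'} == 0);`, correct the trailing comments to match, and cover each of the three ACL values with a test. The helper also calls `&get_module_acl($user, "")` where the callers used the no-argument form; presumably that selects the global ACL, but it is worth confirming the two lookups are equivalent for these scripts.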