Fossil SCM
Enhance the security-audit page to detect security weaknesses that result from having self-registration enabled. This is a work in progress. More testing and more checks are needed in this area.
Commit
724ccc46f2cba9ae5196a89a01c950bb33a0ee446c3fa70b9ad4348d081eb13b
Parent
35563f3db308ca3…
1 file changed
+34
-4
+34
-4
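--- a/src/security_audit.c
+++ b/src/security_audit.c
@@ -42,10 +42,11 @@
 ** This page requires administrator access
 */
 void secaudit0_page(void){
 const char *zAnonCap; /* Capabilities of user "anonymous" and "nobody" */
 const char *zPubPages; /* GLOB pattern for public pages */
+const char *zSelfCap; /* Capabilities of self-registered users */
 char *z;
 int n;
 
 login_check_credentials();
 if( !g.perm.Setup && !g.perm.Admin ){
@@ -60,43 +61,71 @@
 ** "Private" repos require (non-anonymous) login to access all content,
 ** though some content may be accessible anonymously.
 */
 zAnonCap = db_text("", "SELECT fullcap(NULL)");
 zPubPages = db_get("public-pages",0);
+if( db_get_boolean("self-register",0) ){
+CapabilityString *pCap;
+pCap = capability_add(0, db_get("default-perms",""));
+capability_expand(pCap);
+zSelfCap = capability_string(pCap);
+capability_free(pCap);
+}else{
+zSelfCap = fossil_strdup("");
+}
 if( hasAnyCap(zAnonCap,"as") ){
 @ <li><p>This repository is <big><b>Wildly INSECURE</b></big> because
 @ it grants administrator privileges to anonymous users. You
 @ should <a href="takeitprivate">take this repository private</a>
 @ immediately! Or, at least remove the Setup and Admin privileges
 @ for users "anonymous" and "login" on the
 @ <a href="setup_ulist">User Configuration</a> page.
+}else if( hasAnyCap(zSelfCap,"as") ){
+@ <li><p>This repository is <big><b>Wildly INSECURE</b></big> because
+@ it grants administrator privileges to self-registered users. You
+@ should <a href="takeitprivate">take this repository private</a>
+@ and/or disable self-registration
+@ immediately! Or, at least remove the Setup and Admin privileges
+@ from the default permissions for new users.
 }else if( hasAnyCap(zAnonCap,"y") ){
 @ <li><p>This repository is <big><b>INSECURE</b></big> because
 @ it allows anonymous users to push unversioned files.
 @ <p>Fix this by <a href="takeitprivate">taking the repository private</a>
 @ or by removing the "y" permission from users "anonymous" and
 @ "nobody" on the <a href="setup_ulist">User Configuration</a> page.
+}else if( hasAnyCap(zSelfCap,"y") ){
+@ <li><p>This repository is <big><b>INSECURE</b></big> because
+@ it allows self-registered users to push unversioned files.
+@ <p>Fix this by <a href="takeitprivate">taking the repository private</a>
+@ or by removing the "y" permission from the default permissions or
+@ by disabling self-registration.
 }else if( hasAnyCap(zAnonCap,"goz") ){
 @ <li><p>This repository is <big><b>PUBLIC</b></big>. All
 @ checked-in content can be accessed by anonymous users.
 @ <a href="takeitprivate">Take it private</a>.<p>
+}else if( hasAnyCap(zSelfCap,"goz") ){
+@ <li><p>This repository is <big><b>PUBLIC</b></big> because all
+@ checked-in content can be accessed by self-registered users.
+@ This repostory would be private if you disabled self-registration.</p>
 }else if( !hasAnyCap(zAnonCap, "jrwy234567")
+&& !hasAnyCap(zSelfCap, "jrwy234567")
 && (zPubPages==0 || zPubPages[0]==0) ){
 @ <li><p>This repository is <big><b>Completely PRIVATE</b></big>.
 @ A valid login and password is required to access any content.
 }else{
 @ <li><p>This repository is <big><b>Mostly PRIVATE</b></big>.
 @ A valid login and password is usually required, however some
-@ content can be accessed anonymously:
+@ content can be accessed either anonymously or by self-registered
+@ users:
 @ <ul>
-if( hasAnyCap(zAnonCap,"j") ){
+if( hasAnyCap(zAnonCap,"j") || hasAnyCap(zSelfCap,"j") ){
 @ <li> Wiki pages
 }
-if( hasAnyCap(zAnonCap,"r") ){
+if( hasAnyCap(zAnonCap,"r") || hasAnyCap(zSelfCap,"r") ){
 @ <li> Tickets
 }
-if( hasAnyCap(zAnonCap,"234567") ){
+if( hasAnyCap(zAnonCap,"234567") || hasAnyCap(zSelfCap,"234567") ){
 @ <li> Forum posts
 }
 if( zPubPages && zPubPages[0] ){
 Glob *pGlob = glob_create(zPubPages);
 int i;
@@ -424,10 +453,11 @@
 db_multi_exec(
 "UPDATE user SET cap=''"
 " WHERE login IN ('nobody','anonymous');"
 "DELETE FROM config WHERE name='public-pages';"
 );
+db_set("self-register","0",0);
 cgi_redirect("secaudit0");
 }
 style_header("Make This Website Private");
 @ <p>Click the "Make It Private" button below to disable all
 @ anonymous access to this repository. A valid login and password
 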
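Review bot: The new `db_set("self-register","0",0);` in the "Make It Private" handler is not reflected in the confirmation text just below it, which still promises only to "disable all anonymous access to this repository", so an administrator clicking the button is not told that self-registration is being switched off as a side effect; extend that sentence, e.g. `@ anonymous access to this repository and to turn off self-registration.` That explanatory paragraph continues past the end of this hunk, so the final wording should be checked against the rest of it. Separately, `zSelfCap` receives a heap string from `capability_string()` or `fossil_strdup("")` but is declared `const char *` and is not freed anywhere visible here; if it is meant to be freed at the end of `secaudit0_page` (which also runs outside these hunks), dropping the `const` avoids a cast, and if the leak is accepted for a one-shot CGI page a short comment saying so would prevent the next reader from chasing it. Finally, "repostory" in the new self-registration PUBLIC message is a typo in user-visible output, and that message's claim that the repository "would be private" is only true when anonymous users hold none of the "jrwy234567" capabilities checked by the branch that follows.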
| --- src/security_audit.c | |
| +++ src/security_audit.c | |
| @@ -42,10 +42,11 @@ | |
| 42 | ** This page requires administrator access |
| 43 | */ |
| 44 | void secaudit0_page(void){ |
| 45 | const char *zAnonCap; /* Capabilities of user "anonymous" and "nobody" */ |
| 46 | const char *zPubPages; /* GLOB pattern for public pages */ |
| 47 | char *z; |
| 48 | int n; |
| 49 | |
| 50 | login_check_credentials(); |
| 51 | if( !g.perm.Setup && !g.perm.Admin ){ |
| @@ -60,43 +61,71 @@ | |
| 60 | ** "Private" repos require (non-anonymous) login to access all content, |
| 61 | ** though some content may be accessible anonymously. |
| 62 | */ |
| 63 | zAnonCap = db_text("", "SELECT fullcap(NULL)"); |
| 64 | zPubPages = db_get("public-pages",0); |
| 65 | if( hasAnyCap(zAnonCap,"as") ){ |
| 66 | @ <li><p>This repository is <big><b>Wildly INSECURE</b></big> because |
| 67 | @ it grants administrator privileges to anonymous users. You |
| 68 | @ should <a href="takeitprivate">take this repository private</a> |
| 69 | @ immediately! Or, at least remove the Setup and Admin privileges |
| 70 | @ for users "anonymous" and "login" on the |
| 71 | @ <a href="setup_ulist">User Configuration</a> page. |
| 72 | }else if( hasAnyCap(zAnonCap,"y") ){ |
| 73 | @ <li><p>This repository is <big><b>INSECURE</b></big> because |
| 74 | @ it allows anonymous users to push unversioned files. |
| 75 | @ <p>Fix this by <a href="takeitprivate">taking the repository private</a> |
| 76 | @ or by removing the "y" permission from users "anonymous" and |
| 77 | @ "nobody" on the <a href="setup_ulist">User Configuration</a> page. |
| 78 | }else if( hasAnyCap(zAnonCap,"goz") ){ |
| 79 | @ <li><p>This repository is <big><b>PUBLIC</b></big>. All |
| 80 | @ checked-in content can be accessed by anonymous users. |
| 81 | @ <a href="takeitprivate">Take it private</a>.<p> |
| 82 | }else if( !hasAnyCap(zAnonCap, "jrwy234567") |
| 83 | && (zPubPages==0 || zPubPages[0]==0) ){ |
| 84 | @ <li><p>This repository is <big><b>Completely PRIVATE</b></big>. |
| 85 | @ A valid login and password is required to access any content. |
| 86 | }else{ |
| 87 | @ <li><p>This repository is <big><b>Mostly PRIVATE</b></big>. |
| 88 | @ A valid login and password is usually required, however some |
| 89 | @ content can be accessed anonymously: |
| 90 | @ <ul> |
| 91 | if( hasAnyCap(zAnonCap,"j") ){ |
| 92 | @ <li> Wiki pages |
| 93 | } |
| 94 | if( hasAnyCap(zAnonCap,"r") ){ |
| 95 | @ <li> Tickets |
| 96 | } |
| 97 | if( hasAnyCap(zAnonCap,"234567") ){ |
| 98 | @ <li> Forum posts |
| 99 | } |
| 100 | if( zPubPages && zPubPages[0] ){ |
| 101 | Glob *pGlob = glob_create(zPubPages); |
| 102 | int i; |
| @@ -424,10 +453,11 @@ | |
| 424 | db_multi_exec( |
| 425 | "UPDATE user SET cap=''" |
| 426 | " WHERE login IN ('nobody','anonymous');" |
| 427 | "DELETE FROM config WHERE name='public-pages';" |
| 428 | ); |
| 429 | cgi_redirect("secaudit0"); |
| 430 | } |
| 431 | style_header("Make This Website Private"); |
| 432 | @ <p>Click the "Make It Private" button below to disable all |
| 433 | @ anonymous access to this repository. A valid login and password |
| 434 |
| --- src/security_audit.c | |
| +++ src/security_audit.c | |
| @@ -42,10 +42,11 @@ | |
| 42 | ** This page requires administrator access |
| 43 | */ |
| 44 | void secaudit0_page(void){ |
| 45 | const char *zAnonCap; /* Capabilities of user "anonymous" and "nobody" */ |
| 46 | const char *zPubPages; /* GLOB pattern for public pages */ |
| 47 | const char *zSelfCap; /* Capabilities of self-registered users */ |
| 48 | char *z; |
| 49 | int n; |
| 50 | |
| 51 | login_check_credentials(); |
| 52 | if( !g.perm.Setup && !g.perm.Admin ){ |
| @@ -60,43 +61,71 @@ | |
| 61 | ** "Private" repos require (non-anonymous) login to access all content, |
| 62 | ** though some content may be accessible anonymously. |
| 63 | */ |
| 64 | zAnonCap = db_text("", "SELECT fullcap(NULL)"); |
| 65 | zPubPages = db_get("public-pages",0); |
| 66 | if( db_get_boolean("self-register",0) ){ |
| 67 | CapabilityString *pCap; |
| 68 | pCap = capability_add(0, db_get("default-perms","")); |
| 69 | capability_expand(pCap); |
| 70 | zSelfCap = capability_string(pCap); |
| 71 | capability_free(pCap); |
| 72 | }else{ |
| 73 | zSelfCap = fossil_strdup(""); |
| 74 | } |
| 75 | if( hasAnyCap(zAnonCap,"as") ){ |
| 76 | @ <li><p>This repository is <big><b>Wildly INSECURE</b></big> because |
| 77 | @ it grants administrator privileges to anonymous users. You |
| 78 | @ should <a href="takeitprivate">take this repository private</a> |
| 79 | @ immediately! Or, at least remove the Setup and Admin privileges |
| 80 | @ for users "anonymous" and "login" on the |
| 81 | @ <a href="setup_ulist">User Configuration</a> page. |
| 82 | }else if( hasAnyCap(zSelfCap,"as") ){ |
| 83 | @ <li><p>This repository is <big><b>Wildly INSECURE</b></big> because |
| 84 | @ it grants administrator privileges to self-registered users. You |
| 85 | @ should <a href="takeitprivate">take this repository private</a> |
| 86 | @ and/or disable self-registration |
| 87 | @ immediately! Or, at least remove the Setup and Admin privileges |
| 88 | @ from the default permissions for new users. |
| 89 | }else if( hasAnyCap(zAnonCap,"y") ){ |
| 90 | @ <li><p>This repository is <big><b>INSECURE</b></big> because |
| 91 | @ it allows anonymous users to push unversioned files. |
| 92 | @ <p>Fix this by <a href="takeitprivate">taking the repository private</a> |
| 93 | @ or by removing the "y" permission from users "anonymous" and |
| 94 | @ "nobody" on the <a href="setup_ulist">User Configuration</a> page. |
| 95 | }else if( hasAnyCap(zSelfCap,"y") ){ |
| 96 | @ <li><p>This repository is <big><b>INSECURE</b></big> because |
| 97 | @ it allows self-registered users to push unversioned files. |
| 98 | @ <p>Fix this by <a href="takeitprivate">taking the repository private</a> |
| 99 | @ or by removing the "y" permission from the default permissions or |
| 100 | @ by disabling self-registration. |
| 101 | }else if( hasAnyCap(zAnonCap,"goz") ){ |
| 102 | @ <li><p>This repository is <big><b>PUBLIC</b></big>. All |
| 103 | @ checked-in content can be accessed by anonymous users. |
| 104 | @ <a href="takeitprivate">Take it private</a>.<p> |
| 105 | }else if( hasAnyCap(zSelfCap,"goz") ){ |
| 106 | @ <li><p>This repository is <big><b>PUBLIC</b></big> because all |
| 107 | @ checked-in content can be accessed by self-registered users. |
| 108 | @ This repostory would be private if you disabled self-registration.</p> |
| 109 | }else if( !hasAnyCap(zAnonCap, "jrwy234567") |
| 110 | && !hasAnyCap(zSelfCap, "jrwy234567") |
| 111 | && (zPubPages==0 || zPubPages[0]==0) ){ |
| 112 | @ <li><p>This repository is <big><b>Completely PRIVATE</b></big>. |
| 113 | @ A valid login and password is required to access any content. |
| 114 | }else{ |
| 115 | @ <li><p>This repository is <big><b>Mostly PRIVATE</b></big>. |
| 116 | @ A valid login and password is usually required, however some |
| 117 | @ content can be accessed either anonymously or by self-registered |
| 118 | @ users: |
| 119 | @ <ul> |
| 120 | if( hasAnyCap(zAnonCap,"j") || hasAnyCap(zSelfCap,"j") ){ |
| 121 | @ <li> Wiki pages |
| 122 | } |
| 123 | if( hasAnyCap(zAnonCap,"r") || hasAnyCap(zSelfCap,"r") ){ |
| 124 | @ <li> Tickets |
| 125 | } |
| 126 | if( hasAnyCap(zAnonCap,"234567") || hasAnyCap(zSelfCap,"234567") ){ |
| 127 | @ <li> Forum posts |
| 128 | } |
| 129 | if( zPubPages && zPubPages[0] ){ |
| 130 | Glob *pGlob = glob_create(zPubPages); |
| 131 | int i; |
| @@ -424,10 +453,11 @@ | |
| 453 | db_multi_exec( |
| 454 | "UPDATE user SET cap=''" |
| 455 | " WHERE login IN ('nobody','anonymous');" |
| 456 | "DELETE FROM config WHERE name='public-pages';" |
| 457 | ); |
| 458 | db_set("self-register","0",0); |
| 459 | cgi_redirect("secaudit0"); |
| 460 | } |
| 461 | style_header("Make This Website Private"); |
| 462 | @ <p>Click the "Make It Private" button below to disable all |
| 463 | @ anonymous access to this repository. A valid login and password |
| 464 |