/CHANGELOG |
16,6 → 16,7 |
SECU |
- Rename Fail2Ban rule "alcasar_acc-htdigest" to "alcasar_acc" (iptables does not support long name). |
- Remove '/usr/bin/openssl' sudo privilege for 'apache' user. |
- Escape exec() parameters in ACC to prevent RCE attacks. |
-------------------- 3.1.2 -------------------- |
NEWS |
/web/acc/admin/bl_categories_help.php |
178,16 → 178,16 |
{ |
$filtre = $liste == "bl" ? $bl_categorie_domain_file : $wl_categorie_domain_file; |
exec("head -n 15 $filtre | cut -d '/' -f2", $resultat); |
exec("head -n 15 ".escapeshellarg($filtre)." | cut -d '/' -f2", $resultat); |
} |
elseif($titre == "ip") |
{ |
$filtre = $liste == "bl" ? $bl_categorie_ip_file : $wl_categorie_ip_file; |
exec("head -n 15 $filtre | cut -d ' ' -f3", $resultat); |
exec("head -n 15 ".escapeshellarg($filtre)." | cut -d ' ' -f3", $resultat); |
} |
else |
{ |
exec("head -n 15 $filtre", $resultat); |
exec("head -n 15 ".escapeshellarg($filtre), $resultat); |
} |
for($i=0; $i<count($resultat); $i++) |
echo $resultat[$i]."<br/>"; |
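Review bot: The loop on the last line of the hunk echoes each line read from the category file straight into the page, so any HTML in a blacklist/whitelist file (categories can be uploaded through the filter pages as `ossi-bl-*`/`ossi-wl-*`) becomes stored XSS in the admin console; the command-line escaping does not cover this output path. Change it to `echo htmlspecialchars($resultat[$i], ENT_QUOTES, 'UTF-8')."<br/>";`. Separately, in the `else` branch `$filtre` is not assigned anywhere in the hunk; if it is not set earlier in the function, `escapeshellarg($filtre)` yields `''` and `head` fails silently — worth confirming against the lines above the hunk. The enclosing function starts before and ends after this hunk.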
/web/acc/admin/bl_filter.php |
55,6 → 55,7 |
} |
function echo_ip_file ($filename) |
{ |
$filename = escapeshellarg($filename); |
exec("cat $filename | cut -d ' ' -f3", $resultat); |
for($i=0; $i<exec("wc -l $filename"); $i++) |
{ |
264,14 → 265,14 |
$action=$_POST[$fichier]; |
if($action == $l_remove) //delete |
{ |
exec("/bin/sed -i \"/^$fichier$/d\" $bl_categories_enabled"); |
exec("/bin/sed -i \"/$fichier$/d\" $bl_categories"); |
exec("rm -rf $dir_blacklist$fichier"); |
exec("/bin/sed -i ".escapeshellarg("/^$fichier$/d")." $bl_categories_enabled"); |
exec("/bin/sed -i ".escapeshellarg("/$fichier$/d")." $bl_categories"); |
exec("rm -rf $dir_blacklist".escapeshellarg($fichier)); |
exec ("sudo /usr/local/bin/alcasar-bl.sh --reload"); |
} |
if($action == $l_disable) //disable |
{ |
exec("/bin/sed -i \"/^$fichier$/d\" $bl_categories_enabled"); |
exec("/bin/sed -i ".escapeshellarg("/^$fichier$/d")." $bl_categories_enabled"); |
exec("sudo /usr/local/bin/alcasar-bl.sh --reload"); |
} |
if($action == $l_enable) //enable |
287,9 → 288,9 |
$dest_dir = $dir_blacklist."ossi-bl-".$file_name; # /etc/dansguardian/list/blacklist/ossi-bl-XXXXXXXX |
if((!empty($file_name)) && (!file_exists($dest_dir))) |
{ |
exec ("mkdir $dest_dir"); |
exec("mkdir ".escapeshellarg($dest_dir)); |
$file=$_FILES['fichier_ip']['tmp_name']; |
exec("/usr/bin/dos2unix $file $file"); |
exec("/usr/bin/dos2unix ".escapeshellarg($file)); |
if(move_uploaded_file($_FILES['fichier_ip']['tmp_name'], $dest_dir."/domains")) // copy in the file "domains" (containing @ip & domain names (like over Toulouse categories)) |
{ |
touch ($dest_dir."/urls"); // create the URL file even if it isn't used |
299,7 → 300,7 |
} |
else |
{ |
exec("rm -rf $dest_dir"); |
exec("rm -rf ".escapeshellarg($dest_dir)); |
echo $l_error_upload; |
} |
} |
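Review bot: In the delete/disable branch, `escapeshellarg("/^$fichier$/d")` protects the shell but not sed: `$fichier` is still spliced into a sed program, so a name containing `/` or regex metacharacters (e.g. `x/d;w /path`) rewrites the script, and `rm -rf $dir_blacklist".escapeshellarg($fichier)` does nothing about `..` path traversal. Whether `$fichier` is attacker-controlled here depends on how the surrounding loop is built (it is used as a `$_POST` key, and category names originate from the upload form further down), so the safe move is to validate it before any of the three commands: `if (!preg_match('/^[A-Za-z0-9_\-]+$/', $fichier)) { continue; }` (or `exit`, depending on the loop). The same check belongs on `$file_name` in the upload hunk before `$dest_dir` is built, since `mkdir`/`rm -rf` are also escaped but not traversal-safe. The enclosing loop starts outside the hunk.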
/web/acc/admin/network.php |
224,18 → 224,18 |
/******************************************* |
* Read ALCASAR_CONF_FILE Before * |
********************************************/ |
$ouvre=fopen(CONF_FILE,"r"); |
if ($ouvre){ |
while (!feof ($ouvre)) |
{ |
$tampon = fgets($ouvre, 4096); |
if (strpos($tampon,"=")!==false){ |
$tmp = explode("=",$tampon); |
$conf[$tmp[0]] = $tmp[1]; |
$file_conf = fopen(CONF_FILE, 'r'); |
if (!$file_conf) { |
exit('Error opening the file '.CONF_FILE); |
} |
while (!feof($file_conf)) { |
$buffer = fgets($file_conf, 4096); |
if ((strpos($buffer, '=') !== false) && (substr($buffer, 0, 1) !== '#')) { |
$tmp = explode('=', $buffer); |
$conf[trim($tmp[0])] = trim($tmp[1]); |
} |
fclose($ouvre); |
} |
fclose($file_conf); |
if(isset($_POST['dns1']) && preg_match($reg_ip,$_POST['dns1'])) |
{ |
273,18 → 273,18 |
/******************************************* |
* Read ALCASAR_CONF_FILE Updated * |
********************************************/ |
$ouvre=fopen(CONF_FILE,"r"); |
if ($ouvre){ |
while (!feof ($ouvre)) |
{ |
$tampon = fgets($ouvre, 4096); |
if (strpos($tampon,"=")!==false){ |
$tmp = explode("=",$tampon); |
$conf[$tmp[0]] = $tmp[1]; |
$file_conf = fopen(CONF_FILE, 'r'); |
if (!$file_conf) { |
exit('Error opening the file '.CONF_FILE); |
} |
while (!feof($file_conf)) { |
$buffer = fgets($file_conf, 4096); |
if ((strpos($buffer, '=') !== false) && (substr($buffer, 0, 1) !== '#')) { |
$tmp = explode('=', $buffer); |
$conf[trim($tmp[0])] = trim($tmp[1]); |
} |
fclose($ouvre); |
} |
fclose($file_conf); |
?> |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> |
<html><!-- written by steweb57 & rexy --> |
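Review bot: Both rewritten parser blocks use `explode('=', $buffer)` with no limit, so a value that itself contains `=` (typical for base64 strings, LDAP filters or passwords) is truncated at its first `=`, which is a regression risk for any key whose value is later compared or written back. Use `explode('=', $buffer, 2)`. The two blocks are byte-identical (and the same code appears again in activity.php), so this is a good point to fold them into one helper; a possible shape, which also drops the extra `feof` iteration where `fgets` returns `false`:
```php
function read_alcasar_conf($path)
{
    $conf = array();
    $file_conf = fopen($path, 'r');
    if (!$file_conf) {
        exit('Error opening the file '.$path);
    }
    while (($buffer = fgets($file_conf, 4096)) !== false) {
        if ((strpos($buffer, '=') !== false) && (substr($buffer, 0, 1) !== '#')) {
            // limit 2: keep '=' characters that are part of the value
            $tmp = explode('=', $buffer, 2);
            $conf[trim($tmp[0])] = trim($tmp[1]);
        }
    }
    fclose($file_conf);
    return $conf;
}
// … unchanged: callers become $conf = read_alcasar_conf(CONF_FILE); …
```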
/web/acc/admin/network2.php |
7,7 → 7,7 |
echo "<tr><th>$l_mac_address<th>$l_ip_address<th>Info<th>$l_del</tr>"; |
// Read the "ether" file |
$intif = $conf["INTIF"]; |
exec ("sudo /sbin/ip link show $intif", $output); |
exec("sudo /sbin/ip link show ".escapeshellarg($intif), $output); |
$detail = explode (" " , $output[1]); |
$intif_mac_addr=strtoupper(str_replace(":","-",$detail[5])); |
unset ($output);unset ($detail); |
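Review bot: `$output[1]` is indexed right after the `ip link show` call without checking that the command produced two lines, so an empty or unknown `INTIF` value in the conf file turns into an undefined-index notice and an empty MAC column rather than a clear error. A guard such as `if (!isset($output[1])) { exit('Unable to read interface '.$intif); }` before the `explode` keeps the page honest. The `explode(" ", ...)`/`$detail[5]` extraction also depends on the exact spacing of `ip` output, which is worth a comment since it will silently break if the format changes.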
/web/acc/admin/services.php |
94,15 → 94,15 |
//fonction pour faire une action (start,stop,restart) sur un service |
function serviceExec($service, $action){ |
if (($action == "start")||($action == "stop")||($action == "restart")){ |
exec("sudo /usr/bin/systemctl $action $service",$retval, $retstatus); |
exec("sudo /usr/bin/systemctl $action ".escapeshellarg($service), $retval, $retstatus); |
if ($service == "sshd"){ |
if ($action == "start"){ |
exec("sudo /usr/bin/systemctl enable $service"); |
exec("sudo /usr/bin/systemctl enable ".escapeshellarg($service)); |
file_put_contents(CONF_FILE, str_replace('SSH=off', 'SSH=on', file_get_contents(CONF_FILE))); |
exec ("sudo /usr/local/bin/alcasar-iptables.sh"); |
} |
if ($action == "stop"){ |
exec("sudo /usr/bin/systemctl disable $service"); |
exec("sudo /usr/bin/systemctl disable ".escapeshellarg($service)); |
file_put_contents(CONF_FILE, str_replace('SSH=on', 'SSH=off', file_get_contents(CONF_FILE))); |
exec ("sudo /usr/local/bin/alcasar-iptables.sh"); |
} |
116,7 → 116,7 |
//(en fonction de la présence d'un mot clé dans la valeur de status) |
function checkServiceStatus($service){ |
$response = false; |
exec("sudo /usr/bin/systemctl is-active $service.service",$retval); |
exec("sudo /usr/bin/systemctl is-active ".escapeshellarg("$service.service"), $retval); |
foreach( $retval as $val ) { |
if ($val == "active"){ |
$response = true; |
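Review bot: `escapeshellarg($service)` in `serviceExec` stops shell injection but still hands the raw value to `sudo systemctl`, so a value beginning with `-` is parsed by systemctl as an option, and any unit name on the system can be started or stopped through the ACC's sudo rule. Validate the name before the `exec` — ideally against the explicit list of services this page manages; at minimum `if (!preg_match('/^[A-Za-z0-9][A-Za-z0-9_.@-]*$/', $service)) { return; }` so a leading dash and shell-irrelevant but systemd-relevant characters are rejected. `checkServiceStatus` should apply the same check. `serviceExec` continues past the end of the hunk.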
/web/acc/admin/update_ldap.php |
126,11 → 126,16 |
*********************************************************/ |
if ($auth_enable == "1"){ |
if (!preg_match('/^[A-Za-z0-9_\-\.]+$/', $ldap_server)) { |
exit('Invalid LDAP server.'); |
} |
file_put_contents(ALCASAR_CONF_FILE, str_replace('LDAP=off', 'LDAP=on', file_get_contents(ALCASAR_CONF_FILE))); |
exec("sudo sed -i \"s/^LDAP_IP=.*/LDAP_IP=$ldap_server/g\" ALCASAR_CONF_FILE");} |
exec("sed -i \"s/^LDAP_IP=.*/LDAP_IP=$ldap_server/g\" ALCASAR_CONF_FILE"); |
} |
else { |
file_put_contents(ALCASAR_CONF_FILE, str_replace('LDAP=on', 'LDAP=off', file_get_contents(ALCASAR_CONF_FILE))); |
exec("sudo sed -i \"s/^LDAP_IP=.*/LDAP_IP=0.0.0.0/g\" ALCASAR_CONF_FILE");} |
exec("sed -i \"s/^LDAP_IP=.*/LDAP_IP=0.0.0.0/g\" ALCASAR_CONF_FILE"); |
} |
exec ("sudo /usr/local/bin/alcasar-iptables.sh"); |
exec ("sudo /usr/bin/systemctl restart radiusd"); |
140,4 → 145,3 |
header('Location:ldap.php?update=ok'); |
exit(); |
?> |
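Review bot: Both new `sed -i` lines end with the bare word `ALCASAR_CONF_FILE` inside a double-quoted string; PHP does not interpolate constants, so sed is run against a file literally named `ALCASAR_CONF_FILE` in the working directory and `LDAP_IP` is never updated, while the `file_put_contents(ALCASAR_CONF_FILE, ...)` line just above uses the constant correctly. This was already wrong before the commit, but the new lines keep it. Since the file is already rewritten in PHP on the previous line, drop the shell call entirely, e.g. `file_put_contents(ALCASAR_CONF_FILE, preg_replace('/^LDAP_IP=.*$/m', 'LDAP_IP='.$ldap_server, file_get_contents(ALCASAR_CONF_FILE)));` (and the same with `0.0.0.0` in the else branch); the new `[A-Za-z0-9_\-.]` check on `$ldap_server` keeps the replacement free of regex-special characters. The enclosing `if ($auth_enable == "1")` block is fully visible, but the surrounding script continues outside the hunk.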
/web/acc/admin/wl_filter.php |
55,6 → 55,7 |
} |
function echo_ip_file ($filename) |
{ |
$filename = escapeshellarg($filename); |
exec("cat $filename | cut -d ' ' -f3", $resultat); |
for($i=0; $i<exec("wc -l $filename"); $i++) |
{ |
222,13 → 223,13 |
$action=$_POST[$fichier]; |
if($action == $l_remove) //delete |
{ |
exec("/bin/sed -i \"/^$fichier$/d\" $wl_categories_enabled"); |
exec("rm -rf $dir_blacklist$fichier"); |
exec("/bin/sed -i ".escapeshellarg("/^$fichier$/d")." $wl_categories_enabled"); |
exec("rm -rf .".escapeshellarg("$dir_blacklist$fichier")); |
exec ("sudo /usr/local/bin/alcasar-bl.sh --reload"); |
} |
if($action == $l_disable) //disable |
{ |
exec("/bin/sed -i \"/^$fichier$/d\" $wl_categories_enabled"); |
exec("/bin/sed -i ".escapeshellarg("/^$fichier$/d")." $wl_categories_enabled"); |
exec("sudo /usr/local/bin/alcasar-bl.sh --reload"); |
} |
if($action == $l_enable) //enable |
244,7 → 245,7 |
if(!empty($file_name)) |
{ |
$dest_dir = $dir_blacklist."ossi-wl-".$file_name; |
exec ("mkdir $dest_dir"); |
exec("mkdir ".escapeshellarg($dest_dir)); |
$file=$_FILES['fichier_ip']['tmp_name']; |
exec("/usr/bin/dos2unix $file $file"); |
if(move_uploaded_file($_FILES['fichier_ip']['tmp_name'], $dest_dir."/domains")) |
256,7 → 257,7 |
} |
else |
{ |
exec("rm -rf $dest_dir"); |
exec("rm -rf ".escapeshellarg($dest_dir)); |
echo $l_error_upload; |
} |
} |
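Review bot: The remove branch's new line `exec("rm -rf .".escapeshellarg("$dir_blacklist$fichier"));` has a stray `.` before the quoted argument, so the shell sees `rm -rf .'/etc/…/category'` — a relative path `./etc/…` that does not exist — and the category directory is never deleted, while the enabled-list entry is; the intended form is `exec("rm -rf ".escapeshellarg("$dir_blacklist$fichier"));`. As in bl_filter.php, escaping does not stop `..` in `$fichier` or regex characters in the `sed` address, so a `preg_match('/^[A-Za-z0-9_\-]+$/', $fichier)` check before the three commands is still needed. The upload hunk also leaves `exec("/usr/bin/dos2unix $file $file");` unescaped and passes the file twice, unlike the bl_filter.php counterpart — low risk since `$file` is the PHP temp name, but inconsistent. The enclosing loop starts outside the hunk.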
/web/acc/backup/log_generation.php |
102,16 → 102,16 |
switch($_POST['submit']) |
{ |
case 'query_all': |
exec("sudo alcasar-generate_log.sh '$password'"); |
exec("sudo alcasar-generate_log.sh ".escapeshellarg($password)); |
break; |
case 'query_range': |
$date1_selected= $_POST['start-year'].'-'.$_POST['start-month'].'-'.$_POST['start-day'].' '.$_POST['start-hour'].':'.$_POST['start-min'].':'.$_POST['start-sec']; |
$date2_selected= $_POST['stop-year'].'-'.$_POST['stop-month'].'-'.$_POST['stop-day'].' '.$_POST['stop-hour'].':'.$_POST['stop-min'].':'.$_POST['stop-sec']; |
exec("sudo alcasar-generate_log.sh '$password' '$date1_selected' '$date2_selected' "); |
exec("sudo alcasar-generate_log.sh ".escapeshellarg($password)." ".escapeshellarg($date1_selected)." ".escapeshellarg($date2_selected)); |
break; |
case 'query_simple': |
$date1_selected= $_POST['start-year'].'-'.$_POST['start-month'].'-'.$_POST['start-day'].' '.$_POST['start-hour'].':'.$_POST['start-min'].':'.$_POST['start-sec']; |
exec("sudo alcasar-generate_log.sh '$password' '$date1_selected'"); |
exec("sudo alcasar-generate_log.sh ".escapeshellarg($password)." ".escapeshellarg($date1_selected)); |
break; |
} |
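Review bot: The `query_range`/`query_simple` cases build `$date1_selected`/`$date2_selected` by concatenating nine `$_POST` fields and only shell-escape the result, so whatever alcasar-generate_log.sh does with those strings downstream (a SQL query or another shell interpolation, which this hunk does not show) still receives arbitrary text. Validate each component before concatenation, e.g. `foreach (['start-year','start-month','start-day','start-hour','start-min','start-sec'] as $f) { if (!isset($_POST[$f]) || !ctype_digit($_POST[$f])) { exit('Invalid date'); } }`, and likewise for the `stop-*` set. Also note that the password is passed as a command-line argument, so it is visible in `ps`/`/proc` to every local user for the duration of the script; feeding it through stdin or an environment variable would need a matching change in the script but is the durable fix.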
/web/acc/manager/htdocs/activity.php |
22,19 → 22,20 |
exit("Can't read the file ".$file);} |
} |
#retrieve IP_address of ALCASAR |
$alcasar_conf_file="/usr/local/etc/alcasar.conf"; |
$ouvre=fopen("$alcasar_conf_file","r"); |
if ($ouvre){ |
while (!feof ($ouvre)) |
{ |
$tampon = fgets($ouvre, 4096); |
if (strpos($tampon,"=")!==false){ |
$tmp = explode("=",$tampon); |
$conf[$tmp[0]] = $tmp[1]; |
$alcasar_conf_file = '/usr/local/etc/alcasar.conf'; |
$file_conf = fopen($alcasar_conf_file, 'r'); |
if (!$file_conf) { |
exit('Error opening the file '.$alcasar_conf_file); |
} |
while (!feof($file_conf)) { |
$buffer = fgets($file_conf, 4096); |
if ((strpos($buffer, '=') !== false) && (substr($buffer, 0, 1) !== '#')) { |
$tmp = explode('=', $buffer); |
$conf[trim($tmp[0])] = trim($tmp[1]); |
} |
} |
fclose($ouvre); |
fclose($file_conf); |
$tmp = explode("/",$conf["PRIVATE_IP"]); |
$intif = $conf["INTIF"]; |
$private_ip=$tmp[0]; |
78,15 → 79,15 |
if (isset($_POST['action'])){ |
switch ($_POST['action']){ |
case "$l_disconnect" : |
exec ("sudo /usr/sbin/chilli_query logout $_POST[mac_addr]"); |
exec("sudo /usr/sbin/chilli_query logout ".escapeshellarg($_POST['mac_addr'])); |
unset ($_POST['mac_addr']); |
break; |
case "$l_dissociate" : |
exec ("sudo /usr/sbin/chilli_query dhcp-release $_POST[mac_addr]"); |
exec("sudo /usr/sbin/chilli_query dhcp-release ".escapeshellarg($_POST['mac_addr'])); |
unset ($_POST['mac_addr']); |
break; |
case "$l_connect" : |
exec ("sudo /usr/sbin/chilli_query authorize mac $_POST[mac_addr]"); |
exec("sudo /usr/sbin/chilli_query authorize mac ".escapeshellarg($_POST['mac_addr'])); |
unset ($_POST['mac_addr']); |
break; |
} |
103,7 → 104,7 |
<th>$l_action</th> |
</tr>"; |
$output = array(); $detail = array(); $nb_ligne = 0; |
exec ("sudo /sbin/ip link show $intif", $output); // retrieve ALCASAR MAC address |
exec("sudo /sbin/ip link show ".escapeshellarg($intif), $output); // retrieve ALCASAR MAC address |
$detail = explode (" " , $output[1]); |
$intif_mac_addr=strtoupper(str_replace(":","-",$detail[5])); |
unset ($output);unset ($detail); |
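Review bot: In the action switch, `$_POST['mac_addr']` is read without `isset` and is only shell-escaped before reaching `sudo chilli_query logout|dhcp-release|authorize mac`, so a value that is not a MAC (including one starting with `-`) is passed through as-is; since the page already knows the expected shape, validate it once before the switch: `if (!isset($_POST['mac_addr']) || !preg_match('/^([0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2}$/', $_POST['mac_addr'])) { exit('Invalid MAC address'); }`. The conf-file parser in the first hunk has the same `explode('=', $buffer)` truncation as network.php for values containing `=`; `explode('=', $buffer, 2)` fixes it. The `if (isset($_POST['action']))` block continues past the end of its hunk.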
/web/acc/manager/htdocs/autoregistration.php |
479,7 → 479,7 |
{ |
if(preg_match('#^\+#',$num)) |
{ |
exec("sudo $script --replace_numero_alcasar $num"); |
exec("sudo $script --replace_numero_alcasar ".escapeshellarg($num)); |
header('Location: autoregistration.php'); |
} |
else |
501,7 → 501,7 |
{ |
if(is_numeric($pin)) |
{ |
exec("sudo $script --replace_pin $pin"); |
exec("sudo $script --replace_pin ".escapeshellarg($pin)); |
header('Location: autoregistration.php'); |
} |
else |
524,7 → 524,7 |
{ |
if(is_numeric($nb_ban_temp)) |
{ |
exec("sudo $script --replace_try_ban $nb_ban_temp"); |
exec("sudo $script --replace_try_ban ".escapeshellarg($nb_ban_temp)); |
header('Location: autoregistration.php'); |
} |
else |
547,7 → 547,7 |
{ |
if(is_numeric($time_account)) |
{ |
exec("sudo $script --replace_time_account $time_account"); |
exec("sudo $script --replace_time_account ".escapeshellarg($time_account)); |
header('Location: autoregistration.php'); |
} |
else |
569,7 → 569,7 |
{ |
if(is_numeric($time_perm)) |
{ |
exec("sudo $script --replace_time_perm $time_perm"); |
exec("sudo $script --replace_time_perm ".escapeshellarg($time_perm)); |
header('Location: autoregistration.php'); |
} |
else |
587,8 → 587,8 |
if(isset($_GET['num_select'])){ |
$numero=$_GET['num_select']; |
$add_mac=exec("sudo /usr/sbin/chilli_query list | grep $numero | cut -d ' ' -f1"); |
exec("sudo /usr/sbin/chilli_query logout $add_mac"); |
$add_mac=exec("sudo /usr/sbin/chilli_query list | grep ".escapeshellarg($numero)." | cut -d ' ' -f1"); |
exec("sudo /usr/sbin/chilli_query logout ".escapeshellarg($add_mac)); |
exec("sudo $script --unlock_num $numero"); |
header('Location: autoregistration.php'); |
597,7 → 597,7 |
# Edition etat pays |
if(isset($_GET['country_select'])){ |
$country=utf8_decode($_GET['country_select']); |
exec("sudo $script --change_country $country"); |
exec("sudo $script --change_country ".escapeshellarg($country)); |
exec("sudo $script --change_country_filter advance"); |
header('Location: autoregistration.php'); |
} |
613,7 → 613,7 |
exec("sudo $script --change_country_dis_all"); |
$array_ue = array("Allemagne","Autriche","Belgique","Bulgarie","Chypre","Croatie","Danemark","Espagne","Estonie","Finlande","France","Grece","Hongrie","Irlande","Italie","Lettonie","Lituanie","Luxembourg","Malte","Pays-Bas"," Pologne","Portugal","Republique Tcheque","Roumanie","Angleterre","Slovaquie","Slovenie","Suede"); |
foreach ($array_ue as $pays){ |
exec("sudo $script --change_country $pays"); |
exec("sudo $script --change_country ".escapeshellarg($pays)); |
} |
exec("sudo $script --change_country_filter ue"); |
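Review bot: The `num_select` hunk escapes `$numero` in the `grep` pipeline but leaves the next line, `exec("sudo $script --unlock_num $numero");`, unescaped, so a crafted `num_select` GET parameter is still a shell injection running under sudo — exactly the class of bug this commit is meant to close. Change it to `exec("sudo $script --unlock_num ".escapeshellarg($numero));`, and since the value is a phone number, reject anything that does not match a conservative pattern (e.g. `preg_match('/^\+?[0-9]+$/', $numero)`) before the `grep`, which otherwise treats a leading `-` as an option. These state-changing actions are triggered by plain GET requests with no visible CSRF token, so an authenticated admin can be made to unlock or reconfigure accounts by loading a link; that may be handled elsewhere in the ACC, but it is worth confirming. The `if (isset($_GET['num_select']))` block continues past the end of the hunk.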
/web/acc/manager/htdocs/clear_opensessions.php |
68,7 → 68,7 |
if ($clear_sessions == 1) |
{ |
# close active sessions |
exec ("sudo /usr/local/bin/alcasar-logout.sh $login"); |
exec("sudo /usr/local/bin/alcasar-logout.sh ".escapeshellarg($login)); |
# delete open accounting sessions |
$now = time(); |
$today_now = date("Y-m-d H:i:s",$now); |
103,11 → 103,11 |
# Count of chilli open sessions (for coova-chilli) |
$open_chilli_sessions = 0; |
exec ("sudo /usr/sbin/chilli_query list|cut -d\" \" -f5,6|grep $login|grep ^1|wc -l" , $open_chilli_sessions); |
exec("sudo /usr/sbin/chilli_query list | cut -d\" \" -f5,6 | grep ".escapeshellarg($login)." | grep ^1 | wc -l" , $open_chilli_sessions); |
?> |
<form method=post> |
<input type=hidden name=login value=<?php print $login ?>> |
<input type=hidden name=login value="<?= $login ?>"> |
<input type=hidden name=clear_sessions value="0"> |
<table border=1 bordercolordark=#ffffe0 bordercolorlight=#000000 width=100% cellpadding=2 cellspacing=0 bgcolor="#ffffe0" valign=top> |
<tr> |
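Review bot: The hidden input was changed to `value="<?= $login ?>"` without HTML-escaping, so a login containing `"` breaks out of the attribute and the page becomes an XSS sink for whatever `$login` is sourced from; use `value="<?= htmlspecialchars($login, ENT_QUOTES, 'UTF-8') ?>"`. In the `chilli_query` pipeline, `grep ".escapeshellarg($login)` is shell-safe but `$login` is still a regex and can start with `-`, so `grep -F -- ".escapeshellarg($login)` is the robust form (fixed string, no option parsing). The first hunk's `alcasar-logout.sh` call is fine as long as that script does not re-interpolate its argument.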
/web/acc/manager/htdocs/user_edit.php |
134,8 → 134,8 |
include("../lib/defaults.php"); |
} |
# Disconnecting user for re-authentication |
$mac=exec("sudo /usr/sbin/chilli_query list | grep \" $login \" | awk '{print $1}'"); |
exec("sudo /usr/sbin/chilli_query logout $mac"); |
$mac=exec("sudo /usr/sbin/chilli_query list | grep ".escapeshellarg(" $login ")." | awk '{print $1}'"); |
exec("sudo /usr/sbin/chilli_query logout ".escapeshellarg($mac)); |
} |
else{ |
if (is_file("../lib/$config[general_lib_type]/group_info.php")) |
143,8 → 143,8 |
# Disconnecting all users from the selected group for re-authentication |
if (isset($group_members)){ |
foreach ($group_members as $g_member => $member){ |
$mac=exec("sudo /usr/sbin/chilli_query list | grep \" $member \" | awk '{print $1}'"); |
exec("sudo /usr/sbin/chilli_query logout $mac"); |
$mac=exec("sudo /usr/sbin/chilli_query list | grep ".escapeshellarg(" $member ")." | awk '{print $1}'"); |
exec("sudo /usr/sbin/chilli_query logout ".escapeshellarg($mac)); |
} |
} |
} |
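Review bot: The `grep ".escapeshellarg(" $login ")` pattern in both hunks is shell-safe, but `$login` is still interpreted as a regular expression, so a login containing `.` or `*` can match another user's row and the wrong MAC is then logged out. Use a fixed-string match: `grep -F ".escapeshellarg(" $login ")."` (the surrounding spaces already prevent the value from being taken as an option). The same applies to the `$member` loop. Both enclosing blocks begin before and end after their hunks.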
/web/acc/manager/lib/sql/create_user.php |
24,11 → 24,11 |
$output = array(); |
if($passwd == "password" && preg_match('/([a-fA-F0-9]{2}[:|\-]?){6}/', $login)) |
{ |
exec ("sudo chilli_query list | grep $login | cut -d' ' -f2", $output); |
exec("sudo chilli_query list | grep ".escapeshellarg($login)." | cut -d' ' -f2", $output); |
//on vérifie que l'@IP de l'@MAC est différente de celle de l'admin sur l'ACC |
if(strpos($output[0], $_SERVER["REMOTE_ADDR"]) === false ) |
{ |
exec ("sudo chilli_query dhcp-release $login"); //dhcp-down |
exec("sudo chilli_query dhcp-release ".escapeshellarg($login)); //dhcp-down |
} |
} |
unset ($output); |
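Review bot: The regex guarding this branch, `'/([a-fA-F0-9]{2}[:|\-]?){6}/'`, is unanchored, so any login that merely contains a MAC-like substring (e.g. `aabbccddeeff-admin`) is passed to `chilli_query list | grep` and then to `chilli_query dhcp-release`; anchor it as `'/^([a-fA-F0-9]{2}[:\-]?){6}$/'` (the `|` inside the class is a literal pipe, not alternation, and is presumably unintended). `$output[0]` is also dereferenced without checking that grep returned a line, so a MAC not currently known to chilli yields an undefined-index notice and `strpos(null, ...)`, which evaluates to a release; guard with `isset($output[0])`. The enclosing function starts before the hunk.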