jro_apps/redmine Commit - r7689:38089d9a5606

Fixed: Redmine.pm potential security issue with cache credential enabled and subversion (#9567)....

Jean-Philippe Lang -

r7689:38089d9a5606

parent child

Context file:

r7689:38089d9a5606

Collapse all files

extra/svn/Redmine.pm +7 -5

                my $project_id  = get_project_identifier($r);
                my $pass_digest = Digest::SHA1::sha1_hex($redmine_pass);
+               my $access_mode = defined $read_only_methods{$r->method} ? "R" : "W";
                my $cfg = Apache2::Module::get_config(__PACKAGE__, $r->server, $r->per_dir_config);
                my $usrprojpass;
                if ($cfg->{RedmineCacheCredsMax}) {
-                 $usrprojpass = $cfg->{RedmineCacheCreds}->get($redmine_user.":".$project_id);
+                 $usrprojpass = $cfg->{RedmineCacheCreds}->get($redmine_user.":".$project_id.":".$access_mode);
                  return 1 if (defined $usrprojpass and ($usrprojpass eq $pass_digest));
                }
                my $query = $cfg->{RedmineQuery};
                    unless ($auth_source_id) {
              	  			my $method = $r->method;
                        my $salted_password = Digest::SHA1::sha1_hex($salt.$pass_digest);
-             					if ($hashed_password eq $salted_password && ((defined $read_only_methods{$method} && $permissions =~ /:browse_repository/) || $permissions =~ /:commit_access/) ) {
+             					if ($hashed_password eq $salted_password && (($access_mode eq "R" && $permissions =~ /:browse_repository/) || $permissions =~ /:commit_access/) ) {
                            $ret = 1;
                            last;
                        }
                              filter  =>      "(".$rowldap[6]."=%s)"
                          );
                          my $method = $r->method;
-                         $ret = 1 if ($ldap->authenticate($redmine_user, $redmine_pass) && ((defined $read_only_methods{$method} && $permissions =~ /:browse_repository/) || $permissions =~ /:commit_access/));
+                         $ret = 1 if ($ldap->authenticate($redmine_user, $redmine_pass) && (($access_mode eq "R" && $permissions =~ /:browse_repository/) || $permissions =~ /:commit_access/));
                        }
                        $sthldap->finish();
                if ($cfg->{RedmineCacheCredsMax} and $ret) {
                  if (defined $usrprojpass) {
-                   $cfg->{RedmineCacheCreds}->set($redmine_user.":".$project_id, $pass_digest);
+                   $cfg->{RedmineCacheCreds}->set($redmine_user.":".$project_id.":".$access_mode, $pass_digest);
                  } else {
                    if ($cfg->{RedmineCacheCredsCount} < $cfg->{RedmineCacheCredsMax}) {
-                     $cfg->{RedmineCacheCreds}->set($redmine_user.":".$project_id, $pass_digest);
+                     $cfg->{RedmineCacheCreds}->set($redmine_user.":".$project_id.":".$access_mode, $pass_digest);
                      $cfg->{RedmineCacheCredsCount}++;
                    } else {
                      $cfg->{RedmineCacheCreds}->clear();

General Comments 0

Write
Preview

You need to be logged in to leave comments. Login now

No TODOs yet

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
g 0-9	Goto bookmarked items from 0-9
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository access permissions settings
t s	Toggle sidebar on some pages