From: Andrew McNab Date: Tue, 15 Sep 2009 14:58:18 +0000 (+0000) Subject: Sync X-Git-Tag: glite-security-gss_R_2_0_1_1~59 X-Git-Url: http://scientific.zcu.cz/git/?a=commitdiff_plain;h=e86ab3e763aff312d0f147a4de7ca7f830702043;p=jra1mw.git Sync --- diff --git a/org.gridsite.core/src/grst_admin_file.c b/org.gridsite.core/src/grst_admin_file.c index 58f6ff2..fff3cc4 100644 --- a/org.gridsite.core/src/grst_admin_file.c +++ b/org.gridsite.core/src/grst_admin_file.c @@ -62,21 +62,34 @@ POSSIBILITY OF SUCH DAMAGE. int verifypasscode() { - char *issuedpc=NULL, *returnedpc=NULL; + char *issuedpc=NULL, *returnedpc=NULL, *requirepasscode=NULL; + + requirepasscode = getenv("GRST_REQUIRE_PASSCODE"); issuedpc = getenv("GRST_PASSCODE_COOKIE"); returnedpc = GRSThttpGetCGI("passcode"); -// GRSThttpError(issuedpc); - if( issuedpc==NULL )return 0; - if( returnedpc==NULL )return 0; - if( strcmp( issuedpc, returnedpc )==0 )return 1; - else return 0; + + /* if GRST_REQUIRE_PASSCODE != on then always OK */ + + if (requirepasscode == NULL) return 1; + + if (strcmp(requirepasscode, "on") != 0) return 1; + + /* otherwise, require passcode and that it matches */ + + if (issuedpc == NULL) return 0; + + if (returnedpc == NULL) return 0; + + if (strcmp(issuedpc, returnedpc)==0 )return 1; + + return 0; } void outputformactionerror(char *dn, GRSTgaclPerm perm, char *help_uri, char *dir_path, char *dir_uri, char *admin_file) { GRSThttpBody bp; - puts("Status: 500 Failed trying to upload\nContent-Type: text/html"); + puts("Status: 500 Failed due to forbidden operation\nContent-Type: text/html"); GRSThttpBodyInit(&bp); GRSThttpPrintf(&bp,"Forbidden operation\n"); 
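Review bot: verifypasscode() now fails open: any value of GRST_REQUIRE_PASSCODE other than the exact string `on` (unset, `On`, `1`, a typo) makes it return 1, so a misconfiguration silently disables the passcode check for every action that calls it. A case-insensitive test such as `if (strcasecmp(requirepasscode, "on") != 0) return 1;`, plus a comment at the `getenv` call stating that the default is "not required", would make this harder to get wrong. When the check is active, an empty issued passcode still compares equal to an empty returned one; `if (issuedpc == NULL || *issuedpc == '\0') return 0;` closes that. The same hunk reports the refusal as `Status: 500`, where a rejected operation would normally be a 403.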
@@ -151,11 +164,12 @@ void uploadfile(char *dn, GRSTgaclPerm perm, char *help_uri, char *dir_path, #define MIMESTUNKNOWN 1 #define MIMESTUPLOAD 2 #define MIMESTFILENM 3 - +/* if( verifypasscode()==0 ){ outputformactionerror(dn, perm, help_uri, dir_path, dir_uri, admin_file); return; } +*/ if (!GRSTgaclPermHasWrite(perm)) GRSThttpError("403 Forbidden"); p = getenv("CONTENT_TYPE"); @@ -640,7 +654,7 @@ void renameaction(char *dn, GRSTgaclPerm perm, char *help_uri, char *dir_path, GRSThttpBody bp; if( verifypasscode()==0 ){ - outputformactionerror(dn, perm, help_uri, dir_path, dir_uri, admin_file); + outputformactionerror(dn, perm, help_uri, dir_path, dir_uri, admin_file); return; } if (!GRSTgaclPermHasWrite(perm) || (strcmp(file, GRST_ACL_FILE) == 0)) diff --git a/org.gridsite.core/src/grst_x509.c b/org.gridsite.core/src/grst_x509.c index 13038e4..a5df3ec 100644 --- a/org.gridsite.core/src/grst_x509.c +++ b/org.gridsite.core/src/grst_x509.c @@ -2068,9 +2068,16 @@ int GRSTx509MakeProxyRequest(char **reqtxt, char *proxydir, } if ((keypair = RSA_generate_key(GRST_KEYSIZE, 65537, NULL, NULL)) == NULL) - return 1; + { + free(prvkeyfile); + return 1; + } - if ((fp = fopen(prvkeyfile, "w")) == NULL) return 2; + if ((fp = fopen(prvkeyfile, "w")) == NULL) + { + free(prvkeyfile); + return 2; + } chmod(prvkeyfile, S_IRUSR | S_IWUSR); free(prvkeyfile); diff --git a/org.gridsite.core/src/mod_gridsite.c b/org.gridsite.core/src/mod_gridsite.c index 48dfef2..d5027af 100644 --- a/org.gridsite.core/src/mod_gridsite.c +++ b/org.gridsite.core/src/mod_gridsite.c @@ -3431,6 +3431,8 @@ static int mod_gridsite_perm_handler(request_rec *r) ) retcode = HTTP_FORBIDDEN; } + if (user != NULL) GRSTgaclUserFree(user); + return retcode; }
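Review bot: Commenting out the verifypasscode() block in uploadfile() leaves uploads without the passcode check even when GRST_REQUIRE_PASSCODE is `on`, while renameaction() in the same file still enforces it; only the `GRSTgaclPermHasWrite(perm)` test remains on this path. Since verifypasscode() now returns 1 whenever the requirement is switched off, the call could stay active instead of being disabled in source. If it was removed because the passcode field cannot be read before the multipart body is parsed (an assumption, the hunk does not say), replace the dead code with a comment such as `/* passcode cannot be checked until the multipart body is parsed */` and perform the check once the field is available. uploadfile() starts and continues outside the hunk.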
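Review bot: The private key file is still created by `fopen(prvkeyfile, "w")` with umask-derived permissions and only narrowed by `chmod` afterwards, so there is a window in which it may be readable by other users, and the `chmod` result is never checked. Creating it with `open()` and an owner-only mode, then wrapping the descriptor with `fdopen()`, removes that window; this needs a new `int fd` local. The added fopen-failure branch also returns without releasing `keypair`, so `RSA_free(keypair);` belongs next to `free(prvkeyfile);`. GRSTx509MakeProxyRequest() starts and continues outside the hunk, so how `proxydir` itself is protected is not visible here.

```c
/* … unchanged: RSA_generate_key() call and its error branch … */

  /* create the key file owner-only from the start; fd is a new int local */
  fd = open(prvkeyfile, O_WRONLY | O_CREAT | O_TRUNC, S_IRUSR | S_IWUSR);

  if ((fd < 0) || (fchmod(fd, S_IRUSR | S_IWUSR) != 0)
               || ((fp = fdopen(fd, "w")) == NULL))
    {
      if (fd >= 0) close(fd);
      RSA_free(keypair);
      free(prvkeyfile);
      return 2;
    }

  free(prvkeyfile);
/* … unchanged: rest of the function … */
```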
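Review bot: `GRSTgaclUserFree(user)` is added only before the final `return retcode;`, so any earlier return in mod_gridsite_perm_handler() taken after `user` has been built would still leak it on every request. The function starts outside the hunk, so this needs checking against the full body. The `user != NULL` test also relies on `user` being initialised to NULL at its declaration, which is not visible here. Routing all exits through one cleanup label that frees `user` would keep the handler leak-free as new return paths are added.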