Commit 3bca18fb authored by Leigh B. Stoller's avatar Leigh B. Stoller

More security hacking: Do not allow any random user from the internet

to logout any random user on the testbed; only logged in admin users
can do that now!
parent 754d8013
...@@ -73,8 +73,8 @@ freezeuser.php3 ...@@ -73,8 +73,8 @@ freezeuser.php3
index.php3 index.php3
joinproject.php3 joinproject.php3
loadimage.php3 loadimage.php3
login.php3 login.php3 X
logout.php3 logout.php3 X
menu.php3 menu.php3
menu.php3.java menu.php3.java
modifyexp.php3 modifyexp.php3
...@@ -146,7 +146,7 @@ start.php3 ...@@ -146,7 +146,7 @@ start.php3
survey.php3 survey.php3
swapexp.php3 swapexp.php3
tbauth.php3 tbauth.php3
toggle.php toggle.php X
top2image.php3 top2image.php3
tutorial/docwrapper.php3 X tutorial/docwrapper.php3 X
tutorial/tutorial.php3 X tutorial/tutorial.php3 X
......
<?php <?php
# #
# EMULAB-COPYRIGHT # EMULAB-COPYRIGHT
# Copyright (c) 2000-2002 University of Utah and the Flux Group. # Copyright (c) 2000-2003 University of Utah and the Flux Group.
# All rights reserved. # All rights reserved.
# #
# #
...@@ -12,28 +12,43 @@ require("defs.php3"); ...@@ -12,28 +12,43 @@ require("defs.php3");
# #
# This page gets loaded as the result of a logout click. # This page gets loaded as the result of a logout click.
# #
# $uid comes in as a variable. # $uid optionally comes in as a variable so admins can logout other users.
# #
if (isset($uid) && strcmp($uid, "")) { $target_uid = $_GET['target_uid'];
DOLOGOUT($uid);
unset($uid); # Pedantic page argument checking. Good practice!
if (isset($target_uid) && $target_uid == "") {
# PAGEARGERROR();
# Zap the user back to the front page, in nonsecure mode.
#
header("Location: $TBBASE/");
return;
} }
# # Get current login.
# Standard Testbed Header # Only admin users can logout someone other then themself.
# $uid = GETLOGIN();
PAGEHEADER("Logout"); LOGGEDINORDIE($uid);
if (!isset($target_uid))
$target_uid = $uid;
if ($target_uid != $uid && !ISADMIN($uid)) {
PAGEHEADER("Logout");
echo "<center>
<h3>You do not have permission to logout '$target_uid'
</h3></center>\n";
PAGEFOOTER();
return;
}
echo "<center><h3>Logout attempt failed!</h3></center>\n"; if (DOLOGOUT($target_uid) != 0) {
PAGEHEADER("Logout");
echo "<center><h3>Logout '$target_uid' failed!</h3></center>\n";
PAGEFOOTER();
return;
}
# #
# Standard Testbed Footer # Success. Zap the user back to the front page, in nonsecure mode.
# #
PAGEFOOTER(); header("Location: $TBBASE/");
?> ?>
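Review bot: `$target_uid` is taken straight from `$_GET` and echoed unescaped into the page in the permission-denied and failure messages (`You do not have permission to logout '$target_uid'` and `Logout '$target_uid' failed!`), so a crafted link gives a logged-in viewer reflected markup; DOLOGOUT's new `TBvalid_uid()` check runs only after the first of those echoes. Validate the argument where it is read, using the same helpers the page already calls: `if (isset($target_uid) && !TBvalid_uid($target_uid)) { PAGEARGERROR(); }`, and escape it at the echo sites with `htmlspecialchars($target_uid)` as a second line of defence. The comparisons `$target_uid == ""` and `$target_uid != $uid` are loose; `===`/`!==` avoid PHP's string-to-number coercion surprises in the admin check. Reading `$_GET['target_uid']` unconditionally before the `isset` test also raises a notice whenever the parameter is absent, so `$target_uid = isset($_GET['target_uid']) ? $_GET['target_uid'] : null;` would be cleaner.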
...@@ -362,7 +362,7 @@ function WRITESIDEBAR() { ...@@ -362,7 +362,7 @@ function WRITESIDEBAR() {
if ($login_status & (CHECKLOGIN_LOGGEDIN|CHECKLOGIN_MAYBEVALID)) { if ($login_status & (CHECKLOGIN_LOGGEDIN|CHECKLOGIN_MAYBEVALID)) {
echo "<tr>"; echo "<tr>";
echo "<td class=\"menufooter\" align=center valign=center>"; echo "<td class=\"menufooter\" align=center valign=center>";
echo "<a href=\"$TBBASE/logout.php3?uid=$login_uid\">"; echo "<a href=\"$TBBASE/logout.php3?target_uid=$login_uid\">";
echo "<img alt=\"logoff\" border=0 "; echo "<img alt=\"logoff\" border=0 ";
echo "src=\"$BASEPATH/logoff.gif\"></a>\n"; echo "src=\"$BASEPATH/logoff.gif\"></a>\n";
echo "</td></tr>\n"; echo "</td></tr>\n";
......
...@@ -494,6 +494,11 @@ function VERIFYPASSWD($uid, $password) { ...@@ -494,6 +494,11 @@ function VERIFYPASSWD($uid, $password) {
function DOLOGOUT($uid) { function DOLOGOUT($uid) {
global $TBDBNAME, $TBSECURECOOKIES, $CHECKLOGIN_STATUS; global $TBDBNAME, $TBSECURECOOKIES, $CHECKLOGIN_STATUS;
# Pedantic check.
if (!TBvalid_uid($uid)) {
return 1;
}
$CHECKLOGIN_STATUS = CHECKLOGIN_NOTLOGGEDIN; $CHECKLOGIN_STATUS = CHECKLOGIN_NOTLOGGEDIN;
$query_result = $query_result =
...@@ -501,7 +506,7 @@ function DOLOGOUT($uid) { ...@@ -501,7 +506,7 @@ function DOLOGOUT($uid) {
# Not logged in. # Not logged in.
if (($row = mysql_fetch_array($query_result)) == 0) { if (($row = mysql_fetch_array($query_result)) == 0) {
return 0; return 1;
} }
$hashkey = $row[hashkey]; $hashkey = $row[hashkey];
......
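Review bot: DOLOGOUT now returns 1 both when `TBvalid_uid($uid)` rejects the argument and when the user has no login row (the second hunk flips that case from 0 to 1), so the caller in logout.php3 cannot tell "bad argument" from "was not logged in" and reports both as a failed logout. If that distinction matters to callers, use distinct nonzero codes; either way the return convention deserves a header comment such as `# Returns 0 on success, nonzero if $uid is invalid or has no active login.` The early return sits before `$CHECKLOGIN_STATUS` is reset, which is presumably intended since nothing was logged out, but a one-line comment saying so would help. The body of DOLOGOUT continues outside both hunks.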