Move Originate to a separate privilege and require the additional System privilege...
authorTilghman Lesher <tilghman@meg.abyt.es>
Fri, 22 Feb 2008 22:55:35 +0000 (22:55 +0000)
committerTilghman Lesher <tilghman@meg.abyt.es>
Fri, 22 Feb 2008 22:55:35 +0000 (22:55 +0000)
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@104039 65c4cc65-6c06-0410-ace0-fbb531ad65f3

CHANGES
UPGRADE.txt
doc/manager_1_1.txt
include/asterisk/manager.h
main/manager.c

diff --git a/CHANGES b/CHANGES
index d9059c8..21ea3c2 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -48,6 +48,9 @@ AMI - The manager (TCP/TLS/HTTP)
   * Updated action newcat to allow new category to be inserted in file above another
     existing category.
   * Added new event "JitterBufStats" in the IAX2 channel
+  * Originate now requires the Originate privilege and, if you want to call out
+    to a subshell, it requires the System privilege, as well.  This was done to
+    enhance manager security.
 
 Dialplan functions
 ------------------
index 46ab23d..588bccc 100644 (file)
@@ -178,3 +178,6 @@ Manager:
    change your manager.conf to add the level to existing AMI users, if they
    want to see the CDR events generated.
 
+* The Originate command now requires the Originate write permission.  For
+   Originate with the Application parameter, you need the additional System
+   privilege if you want to do anything that calls out to a subshell.
index b2a0ba0..2708b37 100644 (file)
@@ -114,6 +114,11 @@ Changes to manager version 1.1:
        Added new headers for SayEnvelope, SayCID, AttachMessage, CanReview
         and CallOperator voicemail configuration settings.
 
+- Action Originate
+       Now requires the new Originate privilege.
+       If you call out to a subshell in Originate with the Application parameter,
+               you now also need the System privilege.
+
 * NEW ACTIONS
 -------------
 - Action: ModuleLoad
index 327f674..45f2b51 100644 (file)
@@ -69,6 +69,7 @@
 #define EVENT_FLAG_REPORTING           (1 << 9) /* Reporting events such as rtcp sent */
 #define EVENT_FLAG_CDR                 (1 << 10) /* CDR events */
 #define EVENT_FLAG_DIALPLAN            (1 << 11) /* Dialplan events (VarSet, NewExten) */
+#define EVENT_FLAG_ORIGINATE   (1 << 12) /* Originate a call to an extension */
 /*@} */
 
 /*! \brief Export manager structures */
index d4ba834..da44577 100644 (file)
@@ -328,6 +328,7 @@ static struct permalias {
        { EVENT_FLAG_REPORTING, "reporting" },
        { EVENT_FLAG_CDR, "cdr" },
        { EVENT_FLAG_DIALPLAN, "dialplan" },
+       { EVENT_FLAG_ORIGINATE, "originate" },
        { -1, "all" },
        { 0, "none" },
 };
@@ -2156,8 +2157,23 @@ static int action_originate(struct mansession *s, const struct message *m)
                        }
                }
        } else if (!ast_strlen_zero(app)) {
+               /* To run the System application (or anything else that goes to shell), you must have the additional System privilege */
+               if (!(s->writeperm & EVENT_FLAG_SYSTEM)
+                       && (
+                               strcasestr(app, "system") == 0 || /* System(rm -rf /)
+                                                                    TrySystem(rm -rf /)       */
+                               strcasestr(app, "exec") ||        /* Exec(System(rm -rf /))
+                                                                    TryExec(System(rm -rf /)) */
+                               strcasestr(app, "agi") ||         /* AGI(/bin/rm,-rf /)
+                                                                    EAGI(/bin/rm,-rf /)       */
+                               strstr(appdata, "SHELL") ||       /* NoOp(${SHELL(rm -rf /)})  */
+                               strstr(appdata, "EVAL")           /* NoOp(${EVAL(${some_var_containing_SHELL})}) */
+                               )) {
+                       astman_send_error(s, m, "Originate with certain 'Application' arguments requires the additional System privilege, which you do not have.");
+                       return 0;
+               }
                res = ast_pbx_outgoing_app(tech, AST_FORMAT_SLINEAR, data, to, app, appdata, &reason, 1, l, n, vars, account, NULL);
-       } else {
+       } else {
                if (exten && context && pi)
                        res = ast_pbx_outgoing_exten(tech, AST_FORMAT_SLINEAR, data, to, context, exten, pi, &reason, 1, l, n, vars, account, NULL);
                else {
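Review bot: The first clause of the new privilege check is inverted: `strcasestr(app, "system") == 0` is true when the application name does not contain "system", so a session without the System write permission is refused for ordinary applications, while a name that does contain "system" passes this clause and is stopped only if a later clause matches. It should read `strcasestr(app, "system") ||`, like the `exec` and `agi` clauses beside it. The two `strstr(appdata, ...)` calls assume `appdata` is never NULL; that depends on how it is assigned earlier in action_originate, which starts outside this hunk, so it is worth confirming. This is also a substring denylist over application names and data, so it is presumably only as complete as the list itself. A short comment saying the filter is best-effort and that holders of the Originate privilege must still be treated as trusted would help the next maintainer.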
@@ -3641,7 +3657,7 @@ static int __init_manager(int reload)
                ast_manager_register2("CreateConfig", EVENT_FLAG_CONFIG, action_createconfig, "Creates an empty file in the configuration directory", mandescr_createconfig);
                ast_manager_register2("ListCategories", EVENT_FLAG_CONFIG, action_listcategories, "List categories in configuration file", mandescr_listcategories);
                ast_manager_register2("Redirect", EVENT_FLAG_CALL, action_redirect, "Redirect (transfer) a call", mandescr_redirect );
-               ast_manager_register2("Originate", EVENT_FLAG_CALL, action_originate, "Originate Call", mandescr_originate);
+               ast_manager_register2("Originate", EVENT_FLAG_ORIGINATE, action_originate, "Originate Call", mandescr_originate);
                ast_manager_register2("Command", EVENT_FLAG_COMMAND, action_command, "Execute Asterisk CLI Command", mandescr_command );
                ast_manager_register2("ExtensionState", EVENT_FLAG_CALL | EVENT_FLAG_REPORTING, action_extensionstate, "Check Extension Status", mandescr_extensionstate );
                ast_manager_register2("AbsoluteTimeout", EVENT_FLAG_SYSTEM | EVENT_FLAG_CALL, action_timeout, "Set Absolute Timeout", mandescr_timeout );