Add a way to enhance security check.

Dolibarr · Jun 25, 2016 · 266fef4 · 266fef4
1 parent 945fcc7
commit 266fef4
Show file tree

Hide file tree

Showing 4 changed files with 73 additions and 33 deletions.
diff --git a/htdocs/admin/tools/export.php b/htdocs/admin/tools/export.php
@@ -53,6 +53,8 @@
     exit;
 }
 
+$errormsg='';
+
 
 /*
  * Actions
@@ -120,16 +122,37 @@
 {
 
     $cmddump=GETPOST("mysqldump");	// Do not sanitize here with 'alpha', will be sanitize later by escapeshellarg
-    if ($cmddump)
+    if (! empty($dolibarr_main_restrict_os_commands))
+    {
+        $arrayofallowedcommand=explode(',', $dolibarr_main_restrict_os_commands);
+        $ok=0;
+        dol_syslog("Command are restricted to ".$dolibarr_main_restrict_os_commands.". We check that on of this command is inside ".$cmddump);
+        foreach($arrayofallowedcommand as $allowedcommand)
+        {
+            if (preg_match('/'.preg_quote($allowedcommand,'/').'/', $cmddump))
+            {
+                $ok=1;
+                break;
+            }
+        }
+        if (! $ok)
+        {
+            $errormsg=$langs->trans('CommandIsNotInsideAllowedCommands');
+        }
+    }
+
+    if (! $errormsg && $cmddump)
     {
         dolibarr_set_const($db, 'SYSTEMTOOLS_MYSQLDUMP', $cmddump,'chaine',0,'',$conf->entity);
     }
 
-    $utils->dumpDatabase(GETPOST('compression','alpha'), $what, 0, $file);
-
-    $errormsg=$utils->error;
-    $_SESSION["commandbackuplastdone"]=$utils->result['commandbackuplastdone'];
-    $_SESSION["commandbackuptorun"]=$utils->result['commandbackuptorun'];
+    if (! $errormsg) 
+    {
+        $utils->dumpDatabase(GETPOST('compression','alpha'), $what, 0, $file);
+        $errormsg=$utils->error;
+        $_SESSION["commandbackuplastdone"]=$utils->result['commandbackuplastdone'];
+        $_SESSION["commandbackuptorun"]=$utils->result['commandbackuptorun'];
+    }
 }
 
 // MYSQL NO BIN
@@ -146,16 +169,19 @@
 if ($what == 'postgresql')
 {
     $cmddump=GETPOST("postgresqldump");	// Do not sanitize here with 'alpha', will be sanitize later by escapeshellarg
-    if ($cmddump)
+
+    if (! $errormsg && $cmddump)
     {
         dolibarr_set_const($db, 'SYSTEMTOOLS_POSTGRESQLDUMP', $cmddump,'chaine',0,'',$conf->entity);
     }
 
-    $utils->dumpDatabase(GETPOST('compression','alpha'), $what, 0, $file);
-
-    $errormsg=$utils->error;
-    $_SESSION["commandbackuplastdone"]=$utils->result['commandbackuplastdone'];
-    $_SESSION["commandbackuptorun"]=$utils->result['commandbackuptorun'];
+    if (! $errormsg) 
+    {
+        $utils->dumpDatabase(GETPOST('compression','alpha'), $what, 0, $file);
+        $errormsg=$utils->error;
+        $_SESSION["commandbackuplastdone"]=$utils->result['commandbackuplastdone'];
+        $_SESSION["commandbackuptorun"]=$utils->result['commandbackuptorun'];
+    }
 
     $what='';   // Clear to show message to run command
 }

diff --git a/htdocs/conf/conf.php.example b/htdocs/conf/conf.php.example
@@ -220,6 +220,25 @@ $dolibarr_main_authentication='dolibarr';
 //
 $dolibarr_main_force_https='0';
 
+// dolibarr_main_prod
+// When this parameter is defined, all errors messages are not reported.
+// This feature exists for production usage to avoid to give any information to hackers.
+// Default value: 0
+// Possible values: 0 or 1
+// Examples:
+// $dolibarr_main_prod='0';
+//
+$dolibarr_main_prod='0';
+
+// $dolibarr_main_restrict_os_commands
+// To restrict commands you can execute by the backup feature, enter allowed command here.
+// Note: If you can, defining permission on OS linux (using SELinux for example) may be a better choice.
+// Default value: 'mysqldump, mysql, pg_dump, pgrestore'
+// Examples:
+// $dolibarr_main_restrict_os_commands='mysqldump, mysqldumpalias';
+//
+$dolibarr_main_restrict_os_commands='mysqldump, mysql, pg_dump, pgrestore';
+
 // dolibarr_nocsrfcheck
 // This parameter can be used to disable CSRF protection.
 // This might be required if you access Dolibarr behind a proxy that make
@@ -231,15 +250,11 @@ $dolibarr_main_force_https='0';
 //
 $dolibarr_nocsrfcheck='0';
 
-// dolibarr_main_prod
-// When this parameter is defined, all errors messages are not reported.
-// This feature exists for production usage to avoid to give any information to hackers.
-// Default value: 0
-// Possible values: 0 or 1
+// dolibarr_mailing_limit_sendbyweb
+// Can set a limit for mailing send by web. Can be used for a restricted mode.
+// Default value: 0 (use database value if exist)
 // Examples:
-// $dolibarr_main_prod='0';
-//
-$dolibarr_main_prod='0';
+// $dolibarr_mailing_limit_sendbyweb='0';
 
 
 
@@ -251,8 +266,6 @@ $dolibarr_main_prod='0';
 // This parameter contains prefix of Dolibarr database. 'llx_' if not defined.
 // Examples:
 // $dolibarr_main_db_prefix='llx_';
-//
-$dolibarr_main_db_prefix='';
 
 // dolibarr_main_limit_users
 // Can set a limit on the number of users it will be possible to create
@@ -261,12 +274,6 @@ $dolibarr_main_db_prefix='';
 // Examples:
 // $dolibarr_main_limit_users='0';
 
-// dolibarr_mailing_limit_sendbyweb
-// Can set a limit for mailing send by web. Can be used for a restricted mode.
-// Default value: 0 (use database value if exist)
-// Examples:
-// $dolibarr_mailing_limit_sendbyweb='0';
-
 // dolibarr_strict_mode
 // Set this to 1 to enable the PHP strict mode. For dev environment only.
 // Default value: 0 (use database value if exist)

diff --git a/htdocs/install/step1.php b/htdocs/install/step1.php
@@ -853,24 +853,30 @@ function write_conf_file($conffile)
 		fputs($fp,"\n");
 
 		/* Authentication */
+		fputs($fp, '// Authentication settings');
+        fputs($fp,"\n");
+
 		fputs($fp, '$dolibarr_main_authentication=\'dolibarr\';');
 		fputs($fp,"\n\n");
 
-		fputs($fp, '// Specific settings');
-        fputs($fp,"\n");
-
         fputs($fp, '//$dolibarr_main_demo=\'autologin,autopass\';');
         fputs($fp,"\n");
 
-        fputs($fp, '$dolibarr_main_prod=\'0\';');
+		fputs($fp, '// Security settings');
         fputs($fp,"\n");
 
-        fputs($fp, '$dolibarr_nocsrfcheck=\'0\';');
+        fputs($fp, '$dolibarr_main_prod=\'0\';');
         fputs($fp,"\n");
 
         fputs($fp, '$dolibarr_main_force_https=\''.$main_force_https.'\';');
 		fputs($fp,"\n");
 
+        fputs($fp, '$dolibarr_main_restrict_os_commands=\'mysqldump, mysql, pg_dump, pgrestore\';');
+		fputs($fp,"\n");
+
+        fputs($fp, '$dolibarr_nocsrfcheck=\'0\';');
+        fputs($fp,"\n");
+
 		fputs($fp, '$dolibarr_main_cookie_cryptkey=\''.$key.'\';');
 		fputs($fp,"\n");
 

diff --git a/htdocs/langs/en_US/admin.lang b/htdocs/langs/en_US/admin.lang
@@ -1589,3 +1589,4 @@ DetectionNotPossible=Detection not possible
 UrlToGetKeyToUseAPIs=Url to get token to use API (once token has been received it is saved on database user table and will be checked on each future access) 
 ListOfAvailableAPIs=List of available APIs
 activateModuleDependNotSatisfied=Module "%s" depends on module "%s" that is missing, so module "%1$s" may not work correclty. Please install module "%2$s" or disable module "%1$s" if you want to be safe from any surprise
+CommandIsNotInsideAllowedCommands=The command you try to run is not inside list of allowed commands defined into parameter <strong>$dolibarr_main_restrict_os_commands</strong> into <strong>conf.php</strong> file.