ITC-2318 V3 Remove web based terminal to get rid of unnecessary security vulnerabilities
root committed Feb 26, 2020
1 parent 252b12e commit 73b5b34
Showing 8 changed files with 2 additions and 133 deletions.
Empty file modified app/Config/auth_actions.php 100755 → 100644
Empty file.
Empty file modified app/Config/menu.php 100755 → 100644
Empty file.
2 changes: 0 additions & 2 deletions app/Controller/CommandsController.php
Expand Up @@ -157,7 +157,6 @@ public function view($id = null) {

public function add() {
$userId = $this->Auth->user('id');
$this->Frontend->setJson('console_welcome', $this->Command->getConsoleWelcome($this->systemname));
$this->set('command_types', $this->getCommandTypes());

if ($this->request->is('post') || $this->request->is('put')) {
Expand Down Expand Up @@ -210,7 +209,6 @@ public function edit($id = null) {
$command_types = $this->getCommandTypes();
$this->set(compact(['command', 'command_types']));
$this->set('_serialize', ['command', 'command_types']);
$this->Frontend->setJson('console_welcome', $this->Command->getConsoleWelcome($this->systemname));
$this->Frontend->setJson('command_id', $id);

if ($this->request->is('post') || $this->request->is('put')) {
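Review bot: With the `console_welcome` JSON variable dropped from both add() and edit(), `$this->Command->getConsoleWelcome()` has no caller left in either hunk; if nothing else in the model or its tests uses it, remove that method in the same change (and the 'terminal' ACL action the deleted view blocks checked, which presumably still lives in auth_actions.php since that file only changed mode), so no dead terminal code path lingers. The `$userId = $this->Auth->user('id');` assignment in add() survives with no use visible in the hunk; if its only consumer was the console setup, it should go as well. Both add() and edit() continue outside the hunks, so these are inferred from the visible lines only.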
45 changes: 0 additions & 45 deletions app/Lib/SudoMessageInterface.php
Expand Up @@ -167,14 +167,6 @@ public function onMessage(ConnectionInterface $from, $msg) {
$this->send('Pong', 'keepAlive', 'keepAlive');
break;

case 'apt_get_update':
//$this->exec('apt-get update');
break;

case 'execute_nagios_command':
$this->execNagiosPlugin($msg->data);
break;

case 'rescheduleHost':
$this->Cake->Externalcommand->rescheduleHost(['uuid' => $msg->data[0], 'type' => $msg->data[1], 'satellite_id' => $msg->data[2]]);
break;
Expand Down Expand Up @@ -308,43 +300,6 @@ public function onError(ConnectionInterface $conn, \Exception $e) {
$this->clients->detach($conn);
}

public function execNagiosPlugin($command) {

$folder = new Folder(Configure::read('nagios.basepath') . Configure::read('nagios.libexec'));
$plugins = $folder->find();
$plugins[] = 'ls';
$plugins[] = 'ls -la';

if (strpos($command, ';') || strpos($command, '&&') || strpos($command, '$') || strpos($command, '|') || strpos($command, '`')) {
$this->send("\e[0;34mWARNING: This command contain illegal characters, to run this command is only allowed from real CLI!\e[0m\n");

return false;
}

if (strpos($command, './') === 0) {
//Parse ./ away
$_command = explode('./', $command);
//remove spaces to get raw command name
$_command = explode(' ', $_command[1], 2);
if (!isset($_command[0]) || !in_array($_command[0], $plugins)) {
$this->send("\e[0;31mERROR: Forbidden command!\e[0m\n");

return false;
}
} else {
$_command = explode(' ', $command, 2);
if (!isset($_command[0]) || !in_array($_command[0], $plugins)) {
$this->send("\e[0;31mERROR: Forbidden command!\e[0m\n");

return false;
}
}

$this->exec(escapeshellcmd("su " . Configure::read('nagios.user') . " -c '" . $command . "'"), [
'cwd' => Configure::read('nagios.basepath') . Configure::read('nagios.libexec'),
]);
}

public function exec($command, $options = []) {
// Exec normaly workd async wich is bad if we try to run to commands or tow users run a command
$_options = [
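Review bot: The surviving `rescheduleHost` case in onMessage() still reads `$msg->data[0]`, `[1]` and `[2]` straight from the decoded websocket message without checking that `data` is an array of the expected length, so a malformed message raises undefined-offset warnings or passes null through to Externalcommand; add a guard before the call, e.g. `if (!is_array($msg->data) || count($msg->data) < 3) { break; }`. With execNagiosPlugin() removed, `exec()` at the end of the hunk is the only remaining shell-execution path; if its callers are all inside this class, narrow it to `private` (or `protected`) so a future message type cannot reach it unintentionally, and consider fixing the comment on its first line, `// exec() normally runs async, which is bad if we run two commands or two users run a command at once`. The `$msg->data` shape is inferred from its use on the visible lines; onMessage() and exec() both continue outside the hunk.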
4 changes: 0 additions & 4 deletions app/View/Commands/add.ctp
Expand Up @@ -104,10 +104,6 @@
</a>
</div>
</fieldset>
<?php if ($this->Acl->hasPermission('terminal')): ?>
<br/>
<div id="console"></div>
<?php endif; ?>
<br/>
<?php echo $this->Form->formActions(); ?>
</div>
4 changes: 0 additions & 4 deletions app/View/Commands/edit.ctp
Expand Up @@ -147,10 +147,6 @@
<span class="col col-md-10 col-xs-12 txt-color-redLight"><i
class="fa fa-exclamation-circle"></i> <?php echo __('empty arguments will be removed automatically'); ?></span>
</fieldset>
<?php if ($this->Acl->hasPermission('terminal')): ?>
<br/>
<div id="console"></div>
<?php endif; ?>
<br/>
<?php echo $this->Form->formActions(); ?>
</div>
40 changes: 1 addition & 39 deletions app/webroot/js/app/controllers/commands/add_controller.js
Expand Up @@ -26,7 +26,7 @@ App.Controllers.CommandsAddController = Frontend.AppController.extend({

argumentNames: null,

components: ['WebsocketSudo', 'Ajaxloader'],
components: ['Ajaxloader'],

_initialize: function(){
this.Ajaxloader.setup();
Expand Down Expand Up @@ -66,44 +66,6 @@ App.Controllers.CommandsAddController = Frontend.AppController.extend({
$this = $(this);
$this.parent().parent().remove();
});

this.$jqconsole = null;
this.WebsocketSudo.setup(this.getVar('websocket_url'), this.getVar('akey'));
this.WebsocketSudo._errorCallback = function(){
$('#error_msg').html('<div class="alert alert-danger alert-block"><a href="#" data-dismiss="alert" class="close">×</a><h5 class="alert-heading"><i class="fa fa-warning"></i> Error</h5>Could not connect to SudoWebsocket Server</div>');
$('#console').block({
fadeIn: 1000,
message: '<i class="fa fa-minus-circle fa-5x"></i>',
theme: false
});
$('.blockElement').css({
'background-color': '',
'border': 'none',
'color': '#FFFFFF'
});
}
this.WebsocketSudo.connect();
this.loadConsole();
this.WebsocketSudo._callback = function(transmitted){
this.$jqconsole.Write(transmitted.payload, 'jqconsole-output');
}.bind(this);
},

loadConsole: function(){
this.$jqconsole = $('#console').jqconsole('', 'nagios$ ');
this.$jqconsole.Write(this.getVar('console_welcome'));
var startPrompt = function(){
// Start the prompt with history enabled.
var self = this;
self.$jqconsole.Prompt(true, function(input){
// Output input with the class jqconsole-output.
//jqconsole.Write(input + '\n', 'jqconsole-output');
self.WebsocketSudo.send(self.WebsocketSudo.toJson('execute_nagios_command', input));
// Restart the prompt.
startPrompt();
});
}.bind(this);
startPrompt();
},

addArgument: function(){
40 changes: 1 addition & 39 deletions app/webroot/js/app/controllers/commands/edit_controller.js
Expand Up @@ -29,7 +29,7 @@ App.Controllers.CommandsEditController = Frontend.AppController.extend({
* @return {void}
*/

components: ['WebsocketSudo', 'Ajaxloader'],
components: ['Ajaxloader'],

_initialize: function(){
this.Ajaxloader.setup();
Expand Down Expand Up @@ -68,44 +68,6 @@ App.Controllers.CommandsEditController = Frontend.AppController.extend({
$this = $(this);
$this.parent().parent().remove();
});

this.$jqconsole = null;
this.WebsocketSudo.setup(this.getVar('websocket_url'), this.getVar('akey'));
this.WebsocketSudo._errorCallback = function(){
$('#error_msg').html('<div class="alert alert-danger alert-block"><a href="#" data-dismiss="alert" class="close">×</a><h5 class="alert-heading"><i class="fa fa-warning"></i> Error</h5>Could not connect to SudoWebsocket Server</div>');
$('#console').block({
fadeIn: 1000,
message: '<i class="fa fa-minus-circle fa-5x"></i>',
theme: false
});
$('.blockElement').css({
'background-color': '',
'border': 'none',
'color': '#FFFFFF'
});
}
this.WebsocketSudo.connect();
this.loadConsole();
this.WebsocketSudo._callback = function(transmitted){
this.$jqconsole.Write(transmitted.payload, 'jqconsole-output');
}.bind(this);
},

loadConsole: function(){
this.$jqconsole = $('#console').jqconsole('', 'nagios$ ');
this.$jqconsole.Write(this.getVar('console_welcome'));
var startPrompt = function(){
// Start the prompt with history enabled.
var self = this;
self.$jqconsole.Prompt(true, function(input){
// Output input with the class jqconsole-output.
//jqconsole.Write(input + '\n', 'jqconsole-output');
self.WebsocketSudo.send(self.WebsocketSudo.toJson('execute_nagios_command', input));
// Restart the prompt.
startPrompt();
});
}.bind(this);
startPrompt();
},

addArgument: function(){
