From 57188e4752b9606c54cd49f4d8f96ec0fc38f8f3 Mon Sep 17 00:00:00 2001
From: Phil Davis <phil.davis@inf.org>
Date: Mon, 2 Jan 2017 17:45:37 +0545
Subject: Add security notes for privilege assignment pages

Suggested solution for Redmine 2247
---
 src/usr/local/www/diag_backup.php                  |  1 +
 src/usr/local/www/diag_command.php                 |  1 +
 src/usr/local/www/diag_defaults.php                |  1 +
 src/usr/local/www/diag_edit.php                    |  1 +
 src/usr/local/www/system_authservers.php           |  1 +
 src/usr/local/www/system_groupmanager.php          | 21 ++++++++++++-
 src/usr/local/www/system_groupmanager_addprivs.php | 34 +++++++++++++++++++++-
 src/usr/local/www/system_usermanager.php           | 20 ++++++++++++-
 src/usr/local/www/system_usermanager_addprivs.php  | 34 +++++++++++++++++++++-
 src/usr/local/www/system_usermanager_settings.php  |  1 +
 10 files changed, 111 insertions(+), 4 deletions(-)

(limited to 'src/usr/local/www')

diff --git a/src/usr/local/www/diag_backup.php b/src/usr/local/www/diag_backup.php
index bd3de22..a2a9f70 100644
--- a/src/usr/local/www/diag_backup.php
+++ b/src/usr/local/www/diag_backup.php
@@ -27,6 +27,7 @@
 ##|*IDENT=page-diagnostics-backup-restore
 ##|*NAME=Diagnostics: Backup & Restore
 ##|*DESCR=Allow access to the 'Diagnostics: Backup & Restore' page.
+##|*WARN=standard-warning-root
 ##|*MATCH=diag_backup.php*
 ##|-PRIV
 
diff --git a/src/usr/local/www/diag_command.php b/src/usr/local/www/diag_command.php
index 30f069c..4c32495 100755
--- a/src/usr/local/www/diag_command.php
+++ b/src/usr/local/www/diag_command.php
@@ -31,6 +31,7 @@
 ##|*IDENT=page-diagnostics-command
 ##|*NAME=Diagnostics: Command
 ##|*DESCR=Allow access to the 'Diagnostics: Command' page.
+##|*WARN=standard-warning-root
 ##|*MATCH=diag_command.php*
 ##|-PRIV
 
diff --git a/src/usr/local/www/diag_defaults.php b/src/usr/local/www/diag_defaults.php
index 8c1ee6f..fc61e34 100644
--- a/src/usr/local/www/diag_defaults.php
+++ b/src/usr/local/www/diag_defaults.php
@@ -27,6 +27,7 @@
 ##|*IDENT=page-diagnostics-factorydefaults
 ##|*NAME=Diagnostics: Factory defaults
 ##|*DESCR=Allow access to the 'Diagnostics: Factory defaults' page.
+##|*WARN=standard-warning-root
 ##|*MATCH=diag_defaults.php*
 ##|-PRIV
 
diff --git a/src/usr/local/www/diag_edit.php b/src/usr/local/www/diag_edit.php
index 10964ea..24dedd7 100644
--- a/src/usr/local/www/diag_edit.php
+++ b/src/usr/local/www/diag_edit.php
@@ -23,6 +23,7 @@
 ##|*IDENT=page-diagnostics-edit
 ##|*NAME=Diagnostics: Edit File
 ##|*DESCR=Allow access to the 'Diagnostics: Edit File' page.
+##|*WARN=standard-warning-root
 ##|*MATCH=diag_edit.php*
 ##|*MATCH=browser.php*
 ##|*MATCH=vendor/filebrowser/browser.php*
diff --git a/src/usr/local/www/system_authservers.php b/src/usr/local/www/system_authservers.php
index 7b65c46..f21a7a9 100644
--- a/src/usr/local/www/system_authservers.php
+++ b/src/usr/local/www/system_authservers.php
@@ -24,6 +24,7 @@
 ##|*IDENT=page-system-authservers
 ##|*NAME=System: Authentication Servers
 ##|*DESCR=Allow access to the 'System: Authentication Servers' page.
+##|*WARN=standard-warning-root
 ##|*MATCH=system_authservers.php*
 ##|-PRIV
 
diff --git a/src/usr/local/www/system_groupmanager.php b/src/usr/local/www/system_groupmanager.php
index 2a4da45..c52bf71 100644
--- a/src/usr/local/www/system_groupmanager.php
+++ b/src/usr/local/www/system_groupmanager.php
@@ -29,6 +29,7 @@
 ##|*IDENT=page-system-groupmanager
 ##|*NAME=System: Group Manager
 ##|*DESCR=Allow access to the 'System: Group Manager' page.
+##|*WARN=standard-warning-root
 ##|*MATCH=system_groupmanager.php*
 ##|-PRIV
 
@@ -234,15 +235,33 @@ function build_priv_table() {
 	$privhtml .=		'</thead>';
 	$privhtml .=		'<tbody>';
 
+	$user_has_root_priv = false;
+
 	foreach (get_user_privdesc($a_group[$id]) as $i => $priv) {
 		$privhtml .=		'<tr>';
 		$privhtml .=			'<td>' . htmlspecialchars($priv['name']) . '</td>';
-		$privhtml .=			'<td>' . htmlspecialchars($priv['descr']) . '</td>';
+		$privhtml .=			'<td>' . htmlspecialchars($priv['descr']);
+		if (isset($priv['warn']) && ($priv['warn'] == 'standard-warning-root')) {
+			$privhtml .=			' ' . gettext('(root privilege)');
+			$user_has_root_priv = true;
+		}
+		$privhtml .=			'</td>';
 		$privhtml .=			'<td><a class="fa fa-trash" title="' . gettext('Delete Privilege') . '"	href="system_groupmanager.php?act=delpriv&amp;groupid=' . $id . '&amp;privid=' . $i . '"></a></td>';
 		$privhtml .=		'</tr>';
 
 	}
 
+	if ($user_has_root_priv) {
+		$privhtml .=		'<tr>';
+		$privhtml .=			'<td colspan="2">';
+		$privhtml .=				'<b>' . gettext('Security notice: Users in this group effectively have root privilege') . '</b>';
+		$privhtml .=			'</td>';
+		$privhtml .=			'<td>';
+		$privhtml .=			'</td>';
+		$privhtml .=		'</tr>';
+		
+	}
+
 	$privhtml .=		'</tbody>';
 	$privhtml .=	'</table>';
 	$privhtml .= '</div>';
diff --git a/src/usr/local/www/system_groupmanager_addprivs.php b/src/usr/local/www/system_groupmanager_addprivs.php
index ad07c1c..0947d97 100644
--- a/src/usr/local/www/system_groupmanager_addprivs.php
+++ b/src/usr/local/www/system_groupmanager_addprivs.php
@@ -28,6 +28,7 @@
 ##|*IDENT=page-system-groupmanager-addprivs
 ##|*NAME=System: Group Manager: Add Privileges
 ##|*DESCR=Allow access to the 'System: Group Manager: Add Privileges' page.
+##|*WARN=standard-warning-root
 ##|*MATCH=system_groupmanager_addprivs.php*
 ##|-PRIV
 
@@ -117,6 +118,20 @@ function build_priv_list() {
 	return($list);
 }
 
+function get_root_priv_item_text() {
+	global $priv_list;
+
+	$priv_text = "";
+
+	foreach ($priv_list as $pname => $pdata) {
+		if (isset($pdata['warn']) && ($pdata['warn'] == 'standard-warning-root')) {
+			$priv_text .= '<br/>' . $pdata['name'];
+		}
+	}
+
+	return($priv_text);
+}
+
 include("head.inc");
 
 if ($input_errors) {
@@ -171,6 +186,19 @@ $section->addInput(new Form_Input(
 	null
 ))->setHelp('Show only the choices containing this term');
 
+$section->addInput(new Form_StaticText(
+	gettext('Privilege information'),
+	'<span class="help-block">'.
+	gettext('The following privileges effectively give root privilege to users in the group' .
+		' because the user gains access to execute general commands, edit system files, ' .
+		' modify users, change passwords or similar:') .
+	'<br/>' .
+	get_root_priv_item_text() .
+	'<br/><br/>' .
+	gettext('Please take care when granting these privileges.') .
+	'</span>'
+));
+
 $btnfilter = new Form_Button(
 	'btnfilter',
 	'Filter',
@@ -215,7 +243,11 @@ events.push(function() {
 				continue;
 			}
 
-			$desc = addslashes(preg_replace("/pfSense/i", $g['product_name'], $pdata['descr']));
+			$desc = preg_replace("/pfSense/i", $g['product_name'], $pdata['descr']);
+			if (isset($pdata['warn']) && ($pdata['warn'] == 'standard-warning-root')) {
+				$desc .= ' ' . gettext('(This privilege effectively gives root privilege to users in the group)');
+			}
+			$desc = addslashes($desc);
 			$jdescs .= "descs[{$id}] = '{$desc}';\n";
 			$id++;
 		}
diff --git a/src/usr/local/www/system_usermanager.php b/src/usr/local/www/system_usermanager.php
index fca8657..c4bca18 100644
--- a/src/usr/local/www/system_usermanager.php
+++ b/src/usr/local/www/system_usermanager.php
@@ -29,6 +29,7 @@
 ##|*IDENT=page-system-usermanager
 ##|*NAME=System: User Manager
 ##|*DESCR=Allow access to the 'System: User Manager' page.
+##|*WARN=standard-warning-root
 ##|*MATCH=system_usermanager.php*
 ##|-PRIV
 
@@ -443,6 +444,7 @@ function build_priv_table() {
 	$privhtml .=		'<tbody>';
 
 	$i = 0;
+	$user_has_root_priv = false;
 
 	foreach (get_user_privdesc($a_user[$id]) as $priv) {
 		$group = false;
@@ -453,7 +455,12 @@ function build_priv_table() {
 		$privhtml .=		'<tr>';
 		$privhtml .=			'<td>' . htmlspecialchars($priv['group']) . '</td>';
 		$privhtml .=			'<td>' . htmlspecialchars($priv['name']) . '</td>';
-		$privhtml .=			'<td>' . htmlspecialchars($priv['descr']) . '</td>';
+		$privhtml .=			'<td>' . htmlspecialchars($priv['descr']);
+		if (isset($priv['warn']) && ($priv['warn'] == 'standard-warning-root')) {
+			$privhtml .=			' ' . gettext('(root privilege)');
+			$user_has_root_priv = true;
+		}
+		$privhtml .=			'</td>';
 		$privhtml .=			'<td>';
 		if (!$group) {
 			$privhtml .=			'<a class="fa fa-trash no-confirm icon-pointer" title="' . gettext('Delete Privilege') . '" id="delprivid' . $i . '"></a>';
@@ -467,6 +474,17 @@ function build_priv_table() {
 		}
 	}
 
+	if ($user_has_root_priv) {
+		$privhtml .=		'<tr>';
+		$privhtml .=			'<td colspan="3">';
+		$privhtml .=				'<b>' . gettext('Security notice: This user effectively has root privilege') . '</b>';
+		$privhtml .=			'</td>';
+		$privhtml .=			'<td>';
+		$privhtml .=			'</td>';
+		$privhtml .=		'</tr>';
+		
+	}
+
 	$privhtml .=		'</tbody>';
 	$privhtml .=	'</table>';
 	$privhtml .= '</div>';
diff --git a/src/usr/local/www/system_usermanager_addprivs.php b/src/usr/local/www/system_usermanager_addprivs.php
index ee6d416..d5751e9 100644
--- a/src/usr/local/www/system_usermanager_addprivs.php
+++ b/src/usr/local/www/system_usermanager_addprivs.php
@@ -24,6 +24,7 @@
 ##|*IDENT=page-system-usermanager-addprivs
 ##|*NAME=System: User Manager: Add Privileges
 ##|*DESCR=Allow access to the 'System: User Manager: Add Privileges' page.
+##|*WARN=standard-warning-root
 ##|*MATCH=system_usermanager_addprivs.php*
 ##|-PRIV
 
@@ -110,6 +111,20 @@ function build_priv_list() {
 	return($list);
 }
 
+function get_root_priv_item_text() {
+	global $priv_list;
+
+	$priv_text = "";
+
+	foreach ($priv_list as $pname => $pdata) {
+		if (isset($pdata['warn']) && ($pdata['warn'] == 'standard-warning-root')) {
+			$priv_text .= '<br/>' . $pdata['name'];
+		}
+	}
+
+	return($priv_text);
+}
+
 /* if ajax is calling, give them an update message */
 if (isAjax()) {
 	print_info_box($savemsg, 'success');
@@ -161,6 +176,19 @@ $section->addInput(new Form_Input(
 	null
 ))->setHelp('Show only the choices containing this term');
 
+$section->addInput(new Form_StaticText(
+	gettext('Privilege information'),
+	'<span class="help-block">'.
+	gettext('The following privileges effectively give the user root privilege ' .
+		' because the user gains access to execute general commands, edit system files, ' .
+		' modify users, change passwords or similar:') .
+	'<br/>' .
+	get_root_priv_item_text() .
+	'<br/><br/>' .
+	gettext('Please take care when granting these privileges.') .
+	'</span>'
+));
+
 $btnfilter = new Form_Button(
 	'btnfilter',
 	'Filter',
@@ -215,7 +243,11 @@ events.push(function() {
 			if (in_array($pname, $a_user['priv'])) {
 				continue;
 			}
-			$desc = addslashes(preg_replace("/pfSense/i", $g['product_name'], $pdata['descr']));
+			$desc = preg_replace("/pfSense/i", $g['product_name'], $pdata['descr']);
+			if (isset($pdata['warn']) && ($pdata['warn'] == 'standard-warning-root')) {
+				$desc .= ' ' . gettext('(This privilege effectively gives root privilege to the user)');
+			}
+			$desc = addslashes($desc);
 			$jdescs .= "descs[{$id}] = '{$desc}';\n";
 			$id++;
 		}
diff --git a/src/usr/local/www/system_usermanager_settings.php b/src/usr/local/www/system_usermanager_settings.php
index 5a4e322..a6df556 100644
--- a/src/usr/local/www/system_usermanager_settings.php
+++ b/src/usr/local/www/system_usermanager_settings.php
@@ -24,6 +24,7 @@
 ##|*IDENT=page-system-usermanager-settings
 ##|*NAME=System: User Manager: Settings
 ##|*DESCR=Allow access to the 'System: User Manager: Settings' page.
+##|*WARN=standard-warning-root
 ##|*MATCH=system_usermanager_settings.php*
 ##|-PRIV
 
-- 
cgit v1.1