From 597e4c7c6862135a9d40be14c18c6ff18af8a25e Mon Sep 17 00:00:00 2001
From: Xavier Guimard
Date: Wed, 22 Feb 2017 22:16:43 +0000
Subject: [PATCH] Refuse to use DevOps when useSafeJail=0 (#1091)
---
 .../lib/Lemonldap/NG/Handler/Lib/DevOps.pm | 30 ++++++++++++-------
 1 file changed, 19 insertions(+), 11 deletions(-)
diff --git a/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Lib/DevOps.pm b/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Lib/DevOps.pm
index d924710e2..c94157a5b 100644
--- a/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Lib/DevOps.pm
+++ b/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Lib/DevOps.pm
@@ -24,24 +24,32 @@ sub grant {
 {
 $class->loadVhostConfig($vhost);
 }
- return $class->Lemonldap::NG::Handler::Main::grant( $session, $uri, $cond, $vhost );
+ return $class->Lemonldap::NG::Handler::Main::grant( $session, $uri, $cond,
+ $vhost );
 }
 sub loadVhostConfig {
 my ( $class, $vhost ) = @_;
- my $base = $class->localConfig->{loopBackUrl} || "http://127.0.0.1:" . $class->get_server_port;
- my $req =
- HTTP::Request->new(
- GET => "$base/rules.json" );
- $req->header( Host => $vhost );
- my $resp = $class->ua->request($req);
 my $json;
- if ( $resp->is_success ) {
- eval { $json = from_json( $resp->content ) };
- if ($@) {
- $class->logger->error("Bad rules.json for $vhost, skipping ($@)");
+ if ( $class->tsv->{useSafeJail} ) {
+ my $base = $class->localConfig->{loopBackUrl}
+ || "http://127.0.0.1:" . $class->get_server_port;
+ my $req = HTTP::Request->new( GET => "$base/rules.json" );
+ $req->header( Host => $vhost );
+ my $resp = $class->ua->request($req);
+ if ( $resp->is_success ) {
+ eval { $json = from_json( $resp->content ) };
+ if ($@) {
+ $class->logger->error(
+ "Bad rules.json for $vhost, skipping ($@)");
+ }
 }
 }
+ else {
+ $class->logger->error(
+q"I refuse to compile rules.json when useSafeJail isn't activated! Yes I know, I'm a coward..."
+ );
+ }
 $json->{rules} ||= { default => 1 };
 $json->{headers} //= { 'Auth-User' => '$uid' };
 $class->locationRulesInit( undef, { $vhost => $json->{rules} } );
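Review bot: The new `else` branch in loadVhostConfig only logs and then falls through to `$json->{rules} ||= { default => 1 };`, so with useSafeJail off the vhost is still initialised with the fallback rule set instead of being refused; if `default => 1` is evaluated as a truthy "accept" rule (it looks that way, but confirm against locationRulesInit), the refusal fails open. The same fallback is reached when the loopback fetch fails or rules.json does not parse, so a deliberate deny default would cover all three paths. Consider setting an explicit deny in the refusal path, e.g. `$json = { rules => { default => 0 } };` inside the `else` block, and naming `$vhost` in the logged message so operators can tell which host was affected. loadVhostConfig continues past the end of the hunk, so any later handling of the headers is not visible here.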