package Cpanel::Security::Policy::RootRestrict;
# cpanel - Cpanel/Security/Policy/RootRestrict.pm
#
# Copyright (c) 2011-2012 Ruy Rocha <admin@ruyrocha.com>
#
# Permission is hereby granted, free of charge, to any person obtaining a copy of
# this software and associated documentation files (the "Software"), to deal in the
# Software without restriction, including without limitation the rights to use, copy,
# modify, merge, publish, distribute, sublicense, and/or sell copies of the Software,
# and to permit persons to whom the Software is furnished to do so, subject to the
# following conditions:
#
# The above copyright notice and this permission notice shall be included in all copies
# or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
# INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
# PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
# TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE
# USE OR OTHER DEALINGS IN THE SOFTWARE.
#
use base 'Cpanel::SecurityPolicy::Base';
# Remote addresses from which root is allowed to log in to WHM.
# Each entry is checked against the connecting address by _ip_passes(), so
# list complete IPv4 addresses; ranges, CIDR blocks and wildcards are not
# understood. The values shipped here are placeholders that match no real
# address: until they are replaced, fails() reports a failure for every root
# WHM login, from any address.
our @allowed_ips = qw(
    69.x.x.x
    192.x.x.x
);
# Constructor. Delegates to Cpanel::SecurityPolicy::Base->init(), passing this
# package's name and the number 20.
# NOTE(review): the meaning of 20 is not visible in this file (presumably an
# ordering/priority value) - confirm against the base class.
sub new {
    my ($class) = @_;    # received but unused; init() is always given __PACKAGE__

    # Compiler does not necessarily properly load the base class, so it is
    # loaded on demand when %INC shows it is absent. The eval's outcome ($@)
    # is not inspected: a failed load only surfaces at the init() call below.
    my $base_file = 'Cpanel/SecurityPolicy/Base.pm';
    eval 'require Cpanel::SecurityPolicy::Base;' unless exists $INC{$base_file};

    return Cpanel::SecurityPolicy::Base->init( __PACKAGE__, 20 );
}
# Policy verdict: returns a true value when the request must be refused.
#
#   $self     - the policy object (unused here)
#   $sec_ctxt - hashref describing the request; the keys read are
#               'appname', 'user' and 'remoteip'
#   $cpconf   - received but unused here
#
# Only a root login to WHM (appname 'whostmgrd') is restricted; every other
# service/user combination returns 0, i.e. this policy does not object.
sub fails {
    my ( $self, $sec_ctxt, $cpconf ) = @_;

    # Guard clauses: anything that is not root-on-WHM is out of scope.
    return 0 unless $sec_ctxt->{'appname'} eq 'whostmgrd';
    return 0 unless $sec_ctxt->{'user'} eq 'root';

    # For root on WHM the verdict depends solely on the source address.
    return _ip_passes( $sec_ctxt->{'remoteip'} );
}
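# Decide whether a remote address must be refused.
#
# NOTE: despite its name, this helper returns the verdict that fails() hands
# back unchanged, where true means "policy failed":
#   1 - $remote_ip is NOT listed in @allowed_ips
#   0 - $remote_ip is listed in @allowed_ips
#
# The comparison is an exact string match. Interpolating the address into a
# pattern (/$remote_ip$/) would treat every "." as a wildcard and leave the
# start unanchored, so an unlisted address that is merely the tail of a listed
# one would be accepted (constructed example: 3.0.113.7 against the entry
# 203.0.113.7).
#
# Dies via Carp::confess when no remote address is supplied, so a request
# whose source cannot be determined is never allowed through.
sub _ip_passes {
    my $remote_ip = shift;

    if ( !$remote_ip ) {
        # Nothing else in this file loads Carp; load it here so the
        # fail-closed path cannot itself die with "Undefined subroutine".
        require Carp;
        Carp::confess("I am missing the users remote ip. Security Policy requires exec termination.");
    }

    # Scalar-context grep yields the number of exact matches.
    my $is_allowed = grep { $_ eq $remote_ip } @allowed_ips;

    return $is_allowed ? 0 : 1;
}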
1;    # a module file must end with a true value so that require/use succeeds