search

nilsteampassnet / TeamPass

Collaborative Passwords Manager
https://www.teampass.net
1.65k stars 537 forks source link

Offline mode file bypass read right restrictions #2174

Closed gaglimax closed 6 years ago

gaglimax commented 6 years ago

Hi ! I think there is a bug with the offline mode.

Steps to reproduce

  1. Enable offline mode.
  2. Create a folder "Folder" under the root.
  3. Create a folder "Subfolder" under "Folder".
  4. Create a role "Role1" allowing writing on "Folder" and "Subfolder".
  5. Create a role "Role2" allowing writing on "Subfolder" only (no access on "Floder").
  6. Create a user "user" with the role "Role2".
  7. Create a user "Manager" with the role "Role1" and the manager status.
  8. Log with "Manager" and create an item in "Folder" and another one in "Subfolder".
  9. Log with "User". You should be able to see items only in "Subfolder", but not in "Folder".
  10. Generate an offline mode file.

Expected behaviour

You shouldn't be able to select "Folder" when you generate the offline mode file.

Actual behaviour

You can select both "Folder" and "Subfolder", and all items are readable in the offline mode file for the user "user".

Server configuration

Operating system: Linux debian 4.9.0-6-amd64 #1 SMP Debian 4.9.82-1+deb9u3 (2018-03-02) x86_64

Web server: Apache/2.4.25 (Debian)

Database: 5.7.21

PHP version: 7.0.27-0+deb9u1

Teampass version: 2.1.27.11

Teampass configuration file:

'max_latest_items' => '10',
'enable_favourites' => '1',
'show_last_items' => '1',
'enable_pf_feature' => '0',
'log_connections' => '0',
'log_accessed' => '1',
'time_format' => 'H:i:s',
'date_format' => 'd/m/Y',
'duplicate_folder' => '0',
'item_duplicate_in_same_folder' => '0',
'duplicate_item' => '0',
'number_of_used_pw' => '3',
'manager_edit' => '1',
'cpassman_dir' => '/var/www/html/teampass',
'cpassman_url' => 'https://<anonym_url>/teampass
'favicon' => 'https://<anonym_url>/teampass/favicon.ico',
'path_to_upload_folder' => '/var/www/html/teampass/upload',
'url_to_upload_folder' => 'https://<anonym_url>/teampass/upload',
'path_to_files_folder' => '/var/www/html/teampass/files',
'url_to_files_folder' => 'https://<anonym_url>/teampass/files',
'activate_expiration' => '0',
'pw_life_duration' => '0',
'maintenance_mode' => '0',
'enable_sts' => '0',
'encryptClientServer' => '1',
'cpassman_version' => '2.1.27',
'ldap_mode' => '0',
'ldap_type' => '0',
'ldap_suffix' => '0',
'ldap_domain_dn' => '0',
'ldap_domain_controler' => '0',
'ldap_user_attribute' => '0',
'ldap_ssl' => '0',
'ldap_tls' => '0',
'ldap_elusers' => '0',
'ldap_search_base' => '0',
'ldap_port' => '389',
'richtext' => '0',
'allow_print' => '0',
'roles_allowed_to_print' => '0',
'show_description' => '1',
'anyone_can_modify' => '0',
'anyone_can_modify_bydefault' => '0',
'nb_bad_authentication' => '0',
'utf8_enabled' => '1',
'restricted_to' => '0',
'restricted_to_roles' => '1',
'enable_send_email_on_user_login' => '0',
'enable_user_can_create_folders' => '0',
'insert_manual_entry_item_history' => '0',
'enable_kb' => '0',
'enable_email_notification_on_item_shown' => '0',
'enable_email_notification_on_user_pw_change' => '0',
'custom_logo' => '',
'custom_login_text' => '',
'default_language' => 'english',
'send_stats' => '0',
'send_statistics_items' => 'stat_country;stat_users;stat_items;stat_items_shared;stat_folders;stat_folders_shared;stat_admins;stat_managers;stat_ro;stat_mysqlversion;stat_phpversion;stat_teampassversion;stat_languages;stat_kb;stat_suggestion;stat_customfields;stat_api;stat_2fa;stat_agses;stat_duo;stat_ldap;stat_syslog;stat_stricthttps;stat_fav;stat_pf;',
'send_stats_time' => '1519562629',
'get_tp_info' => '1',
'send_mail_on_user_login' => '0',
'sending_emails' => '0',
'nb_items_by_query' => 'auto',
'enable_delete_after_consultation' => '0',
'enable_personal_saltkey_cookie' => '0',
'personal_saltkey_cookie_duration' => '31',
'email_smtp_server' => 'smtp.gmail.com',
'email_smtp_auth' => '1',
'email_auth_username' => '*******@gmail.com',
'email_auth_pwd' => '*******',
'email_port' => '587',
'email_security' => 'tls',
'email_server_url' => '',
'email_from' => 'contact@teampass.com',
'email_from_name' => 'Teampass Server',
'pwd_maximum_length' => '40',
'google_authentication' => '0',
'delay_item_edition' => '0',
'allow_import' => '0',
'proxy_ip' => '',
'proxy_port' => '',
'upload_maxfilesize' => '10mb',
'upload_docext' => 'doc,docx,dotx,xls,xlsx,xltx,rtf,csv,txt,pdf,ppt,pptx,pot,dotx,xltx',
'upload_imagesext' => 'jpg,jpeg,gif,png',
'upload_pkgext' => '7z,rar,tar,zip',
'upload_otherext' => 'sql,xml',
'upload_imageresize_options' => '1',
'upload_imageresize_width' => '800',
'upload_imageresize_height' => '600',
'upload_imageresize_quality' => '90',
'use_md5_password_as_salt' => '0',
'ga_website_name' => 'TeamPass for ChangeMe',
'api' => '0',
'subfolder_rights_as_parent' => '0',
'show_only_accessible_folders' => '1',
'enable_suggestion' => '1',
'otv_expiration_period' => '7',
'default_session_expiration_time' => '60',
'duo' => '0',
'enable_server_password_change' => '0',
'ldap_object_class' => '0',
'bck_script_path' => '/var/www/html/teampass/backups',
'bck_script_filename' => 'bck_teampass',
'syslog_enable' => '0',
'syslog_host' => 'localhost',
'syslog_port' => '514',
'manager_move_item' => '0',
'create_item_without_password' => '0',
'otv_is_enabled' => '0',
'agses_authentication_enabled' => '0',
'item_extra_fields' => '0',
'saltkey_ante_2127' => 'none',
'migration_to_2127' => 'done',
'files_with_defuse' => 'done',
'timezone' => 'UTC',
'enable_attachment_encryption' => '1',
'personal_saltkey_security_level' => '50',
'ldap_new_user_is_administrated_by' => '0',
'disable_show_forgot_pwd_link' => '0',
'offline_key_level' => '0',
'enable_http_request_login' => '0',
'ldap_and_local_authentication' => '0',
'settings_offline_mode' => '1',
'use_http_request_login' => '0',

Updated from an older Teampass or fresh install:

Client configuration

Browser: Firefox - 52.0

Operating system: Linux - 64bits

Logs

Web server error log

Constant SECUREPATH already defined - /var/www/html/teampass/includes/config/settings.php (15)

Teampass 10 last system errors

 * 28/03/2018 10:56:17 - Query: INSERT INTO `teampass_log_items` (`id_item`,`date`,`id_user`,`action`,`raison`,`raison_iv`,`encryption_type`) VALUES ('', 1522227377, '10000007', 'at_shown', NULL, NULL, '')<br />Error: Incorrect integer value: '' for column 'id_item' at row 1<br />@ /teampass/sources/items.queries.php
 * 28/03/2018 10:56:16 - Query: INSERT INTO `teampass_cache` (`id`,`label`,`description`,`tags`,`url`,`id_tree`,`perso`,`restricted_to`,`login`,`folder`,`author`,`timestamp`) VALUES ('7', 'test2', '', 'None', '0', '9', '0', '0', 'test2', 'Folder » SubFolder', '10000007', '1522227376')<br />Error: Table 'teampass.teampass_cache' doesn't exist<br />@ /teampass/sources/items.queries.php
 * 28/03/2018 10:55:55 - Query: INSERT INTO `teampass_cache` (`id`,`label`,`description`,`tags`,`url`,`id_tree`,`perso`,`restricted_to`,`login`,`folder`,`author`,`timestamp`) VALUES ('6', 'test1', '', 'None', '0', '8', '0', '0', 'test', 'Folder', '10000007', '1522227355')<br />Error: Table 'teampass.teampass_cache' doesn't exist<br />@ /teampass/sources/items.queries.php
 * 28/03/2018 10:55:55 - Query: INSERT INTO `teampass_log_items` (`id_item`,`date`,`id_user`,`action`,`raison`,`raison_iv`,`encryption_type`) VALUES ('', 1522227355, '10000007', 'at_shown', NULL, NULL, '')<br />Error: Incorrect integer value: '' for column 'id_item' at row 1<br />@ /teampass/sources/items.queries.php
 * 27/03/2018 16:50:25 - Query: INSERT INTO `teampass_cache` (`id`,`label`,`description`,`tags`,`url`,`id_tree`,`perso`,`restricted_to`,`login`,`folder`,`author`,`timestamp`) VALUES ('5', 'testJD', '', 'None', 'http://www.google.fr', '3', '0', '0', 'test', '**** » ESEC', '10000003', '1522162225')<br />Error: Table 'teampass.teampass_cache' doesn't exist<br />@ /teampass/sources/items.queries.php
 * 27/03/2018 15:50:48 - Query: INSERT INTO `teampass_cache` (`id`,`label`,`description`,`tags`,`url`,`id_tree`,`perso`,`restricted_to`,`login`,`folder`,`author`,`timestamp`) VALUES ('4', 'testEW2', '', 'None', '0', '6', '0', '0', 'test', '**** » ESEC » SIEM', '10000001', '1522158648')<br />Error: Table 'teampass.teampass_cache' doesn't exist<br />@ /teampass/sources/items.queries.php
 * 27/03/2018 15:48:08 - Query: INSERT INTO `teampass_cache` (`id`,`label`,`description`,`tags`,`url`,`id_tree`,`perso`,`restricted_to`,`login`,`folder`,`author`,`timestamp`) VALUES ('3', 'testJP', '', 'None', '0', '5', '0', '0', 'test', '**** » ESEC » Pentest', '10000002', '1522158488')<br />Error: Table 'teampass.teampass_cache' doesn't exist<br />@ /teampass/sources/items.queries.php
 * 27/03/2018 15:46:45 - Query: INSERT INTO `teampass_cache` (`id`,`label`,`description`,`tags`,`url`,`id_tree`,`perso`,`restricted_to`,`login`,`folder`,`author`,`timestamp`) VALUES ('2', 'TestCS', '', 'None', '0', '4', '0', '0', 'test', '**** » RH', '10000004', '1522158405')<br />Error: Table 'teampass.teampass_cache' doesn't exist<br />@ /teampass/sources/items.queries.php
 * 27/03/2018 15:44:17 - Query: INSERT INTO `teampass_cache` (`id`,`label`,`description`,`tags`,`url`,`id_tree`,`perso`,`restricted_to`,`login`,`folder`,`author`,`timestamp`) VALUES ('1', 'TestEW', '', 'None', '0', '7', '0', '0', 'user', '****', '10000001', '1522158257')<br />Error: Table 'teampass.teampass_cache' doesn't exist<br />@ /teampass/sources/items.queries.php
 * 27/03/2018 15:20:11 - Query: INSERT INTO `teampass_log_items` (`id_item`,`date`,`id_user`,`action`) VALUES ('', 1522156811, '1', 'at_restored')<br />Error: Incorrect integer value: '' for column 'id_item' at row 1<br />@ /teampass/sources/views.queries.php

Log from the web-browser developer console (CTRL + SHIFT + i)

Insert the log here and especially the answer of the query that failed.
nilsteampassnet commented 6 years ago

This is correct. And is a very old bug. It is now fixed in development branch and will migrate it in package

nilsteampassnet commented 6 years ago

Reopen on need