I recently wrote about cPanel’s new Security Policies feature. Until now there has been no way to restrict root logins to a set of valid or allowed IP addresses.
cPanel’s Security Policy is a framework that lets you improve your security or practices. For example, take the test server tnt.ruyrocha.com and its root password 3Y6Nn5CW44bY0F?5F}gHoWDy:KFzAGtp. Go ahead and try to access it: https://tnt.ruyrocha.com:2087/login/?user=root&pass=3Y6Nn5CW44bY0F?5F}gHoWDy:KFzAGtp
TNT will be available until next Friday, 02/09, so feel free to give it a try. I don’t want anyone to be able to access it from home, only from the office’s IP address. The RestrictRoot security policy module must be placed in /usr/local/cpanel/Cpanel/SecurityPolicy as follows:
```perl
package Cpanel::SecurityPolicy::RestrictRoot;

# cpanel - Cpanel/SecurityPolicy/RestrictRoot.pm
#
# Copyright (c) 2011 Ruy Rocha
#
# Permission is hereby granted, free of charge, to any person obtaining a copy of
# this software and associated documentation files (the "Software"), to deal in the
# Software without restriction, including without limitation the rights to use, copy,
# modify, merge, publish, distribute, sublicense, and/or sell copies of the Software,
# and to permit persons to whom the Software is furnished to do so, subject to the
# following conditions:
#
# The above copyright notice and this permission notice shall be included in all copies
# or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
# INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
# PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
# TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE
# USE OR OTHER DEALINGS IN THE SOFTWARE.
#

use strict;
use warnings;
use Carp ();

my $priority = 20;

sub check {
    my ( $acctref, $sec_ctxt, $cpconf_ref, $cookie_ref ) = @_;

    # Only root logins to WHM (whostmgrd) go through the address check.
    if ( $sec_ctxt->{'appname'} eq 'whostmgrd' && $acctref->{'user'} eq 'root' ) {
        return _ip_passes( $sec_ctxt->{'remoteip'} );
    }
    return 0;
}

# Return 0 if the address is listed in @allowed_ips, $priority (a true value) otherwise.
sub _ip_passes {
    my $remote_ip   = shift;
    my @allowed_ips = ( '187.x.x.x', '17.x.x.x' );

    if ( !$remote_ip ) {
        Carp::confess("I am missing the users remote ip. Security Policy requires exec termination.");
    }

    # Compare as exact strings. Interpolating the address into a regex would
    # treat its dots as wildcards and leave the match unanchored at the start.
    return $priority if !grep { $_ eq $remote_ip } @allowed_ips;
    return 0;
}

1;
```
Save the code to /usr/local/cpanel/Cpanel/SecurityPolicy/RestrictRoot.pm and activate the module on WHM.
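An added example, not part of the original post or of cPanel's own code: a stand-alone Perl script that checks a client address against an allow list by parsing IPv4 addresses, shown next to a regex-based check for contrast. It goes beyond the module above by accepting CIDR entries; the function names are hypothetical and the addresses are constructed from the RFC 5737 documentation ranges.

```perl
#!/usr/bin/perl
# Added example: allow-list matching on parsed IPv4 addresses, with CIDR entries.
# Function names are hypothetical; addresses are constructed (RFC 5737 ranges).
use strict;
use warnings;

# Parse a strict dotted quad into a 32-bit integer; undef if malformed.
sub ip_to_int {
    my ($ip) = @_;
    return undef unless defined $ip;
    my @o = $ip =~ /\A([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\z/
      or return undef;
    return undef if grep { $_ > 255 } @o;
    return ( $o[0] << 24 ) | ( $o[1] << 16 ) | ( $o[2] << 8 ) | $o[3];
}

# True if $ip lies inside $entry, written as "a.b.c.d" or "a.b.c.d/len".
sub entry_matches {
    my ( $ip, $entry ) = @_;
    my ( $net, $len ) = split m{/}, $entry, 2;
    $len = 32 unless defined $len;
    return 0 unless $len =~ /\A[0-9]{1,2}\z/ && $len <= 32;
    my ( $ip_n, $net_n ) = ( ip_to_int($ip), ip_to_int($net) );
    return 0 unless defined $ip_n && defined $net_n;
    my $mask = $len == 0 ? 0 : ( 0xFFFFFFFF << ( 32 - $len ) ) & 0xFFFFFFFF;
    return ( $ip_n & $mask ) == ( $net_n & $mask ) ? 1 : 0;
}

# Allow-list check on parsed addresses: unparsable input is never allowed.
sub ip_allowed {
    my ( $ip, @allow ) = @_;
    return ( grep { entry_matches( $ip, $_ ) } @allow ) ? 1 : 0;
}

# For contrast only: the address used as a regex. Dots act as wildcards and
# the pattern is not anchored at the start, so this is not an equality test.
sub ip_allowed_regex {
    my ( $ip, @allow ) = @_;
    return ( grep { /$ip$/ } @allow ) ? 1 : 0;
}

my @allow = ( '198.51.100.7', '203.0.113.0/24' );    # constructed allow list
my @clients = ( '198.51.100.7', '203.0.113.42', '98.51.100.7', '198.51.100.70', 'bogus' );
for my $ip (@clients) {
    printf "%-14s regex=%d parsed=%d\n", $ip,
      ip_allowed_regex( $ip, @allow ), ip_allowed( $ip, @allow );
}
```

To use this in the policy module, `_ip_passes` would return `$priority` whenever `ip_allowed( $remote_ip, @allowed_ips )` is false.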





how exactly do you install this and activate
I created the /usr/local/cpanel/Cpanel/SecurityPolicy/RestrictRoot.pm file, but see nowhere to ‘activate this’ in WHM. Under Security Policies I see 3 check boxes for the other 3 standard cPanel security policy checkboxes, but nothing about this one visible.
Could you elaborate briefly on that, as this looks like a great idea!
September 11, 2011
Ruy Rocha
Did you restart cPanel after putting the module there?
September 16, 2011