[Koha-patches] [PATCH 1/2] Check for Change in Remote IP address for Session Security. Disable when remote ip address changes frequently.

Chris Cormack chrisc at catalyst.net.nz
Fri Jul 8 01:32:42 CEST 2011 

From: Amit Gupta <amit.gupta at osslabs.biz>

http://bugs.koha-community.org/show_bug.cgi?id=5511
---
 C4/Auth.pm                                         |    5 +++--
 installer/data/mysql/en/mandatory/sysprefs.sql     |    1 +
 installer/data/mysql/updatedatabase.pl             |   10 ++++++++++
 .../prog/en/modules/admin/preferences/admin.pref   |    9 ++++++++-
 4 files changed, 22 insertions(+), 3 deletions(-)

diff --git a/C4/Auth.pm b/C4/Auth.pm
index b6ec69a..eaf6145 100644
--- a/C4/Auth.pm
+++ b/C4/Auth.pm
@@ -947,6 +947,7 @@ sub checkauth {
     login        => 1,
         INPUTS               => \@inputs,
         casAuthentication    => C4::Context->preference("casAuthentication"),
+	remoteipcheck        => C4::Context->preference("remoteipcheck"),
         suggestion           => C4::Context->preference("suggestion"),
         virtualshelves       => C4::Context->preference("virtualshelves"),
         LibraryName          => C4::Context->preference("LibraryName"),
@@ -1098,7 +1099,7 @@ sub check_api_auth {
                 $userid    = undef;
                 $sessionID = undef;
                 return ("expired", undef, undef);
-            } elsif ( $ip ne $ENV{'REMOTE_ADDR'} ) {
+            } elsif ( C4::Context->preference('remoteipcheck') && $ip ne $ENV{'REMOTE_ADDR'} ) {
                 # IP address changed
                 $session->delete();
                 C4::Context->_unset_userenv($sessionID);
@@ -1324,7 +1325,7 @@ sub check_cookie_auth {
             $userid    = undef;
             $sessionID = undef;
             return ("expired", undef);
-        } elsif ( $ip ne $ENV{'REMOTE_ADDR'} ) {
+        } elsif ( C4::Context->preference('remoteipcheck') && $ip ne $ENV{'REMOTE_ADDR'} ) {
             # IP address changed
             $session->delete();
             C4::Context->_unset_userenv($sessionID);
diff --git a/installer/data/mysql/en/mandatory/sysprefs.sql b/installer/data/mysql/en/mandatory/sysprefs.sql
index 0abf9d8..4c98249 100755
--- a/installer/data/mysql/en/mandatory/sysprefs.sql
+++ b/installer/data/mysql/en/mandatory/sysprefs.sql
@@ -314,3 +314,4 @@ INSERT INTO `systempreferences` (variable,value,explanation,options,type) VALUES
 INSERT INTO `systempreferences` (variable,value,explanation,options,type) VALUES('OpacHiddenItems','','This syspref allows to define custom rules for hiding specific items at opac. See docs/opac/OpacHiddenItems.txt for more informations.','','Textarea');
 INSERT INTO `systempreferences` (variable,value,explanation,options,type) VALUES('numSearchRSSResults',50,'Specify the maximum number of results to display on a RSS page of results',NULL,'Integer');
 INSERT INTO systempreferences (variable,value,explanation,options,type) VALUES ('OpacRenewalBranch','checkoutbranch','Choose how the branch for an OPAC renewal is recorded in statistics','itemhomebranch|patronhomebranch|checkoutbranch|null','Choice');
+INSERT INTO `systempreferences` (variable,value,explanation,options,type) VALUES('remoteipcheck','0','Check for Change in Remote IP address for Session Security . Disable when remote ip address changes frequently.','','YesNo');
diff --git a/installer/data/mysql/updatedatabase.pl b/installer/data/mysql/updatedatabase.pl
index 8fb9656..87ea1ef 100755
--- a/installer/data/mysql/updatedatabase.pl
+++ b/installer/data/mysql/updatedatabase.pl
@@ -4251,6 +4251,7 @@ $DBversion = '3.03.00.044';
 if ( C4::Context->preference("Version") < TransformToNum($DBversion) ) {
     $dbh->do("ALTER TABLE `aqbasketgroups` ADD `freedeliveryplace` TEXT NULL AFTER `deliveryplace`;");
     print "Upgrade to $DBversion done (adding freedeliveryplace to basketgroups)\n";
+	SetVersion ($DBversion);    
 }
 
 $DBversion = '3.03.00.045';
@@ -4370,6 +4371,15 @@ if (C4::Context->preference("Version") < TransformToNum($DBversion)) {
     SetVersion($DBversion);
 }
 
+$DBversion = '3.05.00.XXX';
+if (C4::Context->preference("Version") < TransformToNum($DBversion)) {
+    $dbh->do("INSERT INTO `systempreferences` (variable,value,explanation,options,type) VALUES('remoteipcheck','0','Check for Change in  Remote IP address for Session Security. Disable when remote ip address changes frequently.','','YesNo')");
+    print "Upgrade to $DBversion done adding syspref Check for Change in  Remote IP address for Session Security. Disable when remote ip address changes frequently.";
+    SetVersion ($DBversion);
+}
+
+
+
 =head1 FUNCTIONS
 
 =head2 DropAllForeignKeys($table)
diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/admin/preferences/admin.pref b/koha-tmpl/intranet-tmpl/prog/en/modules/admin/preferences/admin.pref
index a2ecc5c..eb0b45e 100644
--- a/koha-tmpl/intranet-tmpl/prog/en/modules/admin/preferences/admin.pref
+++ b/koha-tmpl/intranet-tmpl/prog/en/modules/admin/preferences/admin.pref
@@ -41,7 +41,14 @@ Administration:
                   no: "Don't allow"
             - staff and patrons to create and view saved lists of books.
     Login options:
-        -
+	-
+            - pref: remoteipcheck
+              default: 0
+              choices:
+                  yes: Enable
+                  no: "Disable"
+            - Check for Change in Remote IP address for Session Security. Disable when remote ip address changes frequently.
+      	-
             - pref: insecure
               default: 0
               choices:
-- 
1.7.4.1

More information about the Koha-patches mailing list