[Koha-patches] [PATCH 1/2] Check for Change in Remote IP address for Session Security. Disable when remote ip address changes frequently.
Chris Cormack
chrisc at catalyst.net.nz
Fri Jul 8 01:32:42 CEST 2011
From: Amit Gupta <amit.gupta at osslabs.biz>
http://bugs.koha-community.org/show_bug.cgi?id=5511
---
C4/Auth.pm | 5 +++--
installer/data/mysql/en/mandatory/sysprefs.sql | 1 +
installer/data/mysql/updatedatabase.pl | 10 ++++++++++
.../prog/en/modules/admin/preferences/admin.pref | 9 ++++++++-
4 files changed, 22 insertions(+), 3 deletions(-)
diff --git a/C4/Auth.pm b/C4/Auth.pm
index b6ec69a..eaf6145 100644
--- a/C4/Auth.pm
+++ b/C4/Auth.pm
@@ -947,6 +947,7 @@ sub checkauth {
login => 1,
INPUTS => \@inputs,
casAuthentication => C4::Context->preference("casAuthentication"),
+ remoteipcheck => C4::Context->preference("remoteipcheck"),
suggestion => C4::Context->preference("suggestion"),
virtualshelves => C4::Context->preference("virtualshelves"),
LibraryName => C4::Context->preference("LibraryName"),
@@ -1098,7 +1099,7 @@ sub check_api_auth {
$userid = undef;
$sessionID = undef;
return ("expired", undef, undef);
- } elsif ( $ip ne $ENV{'REMOTE_ADDR'} ) {
+ } elsif ( C4::Context->preference('remoteipcheck') && $ip ne $ENV{'REMOTE_ADDR'} ) {
# IP address changed
$session->delete();
C4::Context->_unset_userenv($sessionID);
@@ -1324,7 +1325,7 @@ sub check_cookie_auth {
$userid = undef;
$sessionID = undef;
return ("expired", undef);
- } elsif ( $ip ne $ENV{'REMOTE_ADDR'} ) {
+ } elsif ( C4::Context->preference('remoteipcheck') && $ip ne $ENV{'REMOTE_ADDR'} ) {
# IP address changed
$session->delete();
C4::Context->_unset_userenv($sessionID);
diff --git a/installer/data/mysql/en/mandatory/sysprefs.sql b/installer/data/mysql/en/mandatory/sysprefs.sql
index 0abf9d8..4c98249 100755
--- a/installer/data/mysql/en/mandatory/sysprefs.sql
+++ b/installer/data/mysql/en/mandatory/sysprefs.sql
@@ -314,3 +314,4 @@ INSERT INTO `systempreferences` (variable,value,explanation,options,type) VALUES
INSERT INTO `systempreferences` (variable,value,explanation,options,type) VALUES('OpacHiddenItems','','This syspref allows to define custom rules for hiding specific items at opac. See docs/opac/OpacHiddenItems.txt for more informations.','','Textarea');
INSERT INTO `systempreferences` (variable,value,explanation,options,type) VALUES('numSearchRSSResults',50,'Specify the maximum number of results to display on a RSS page of results',NULL,'Integer');
INSERT INTO systempreferences (variable,value,explanation,options,type) VALUES ('OpacRenewalBranch','checkoutbranch','Choose how the branch for an OPAC renewal is recorded in statistics','itemhomebranch|patronhomebranch|checkoutbranch|null','Choice');
+INSERT INTO `systempreferences` (variable,value,explanation,options,type) VALUES('remoteipcheck','0','Check for Change in Remote IP address for Session Security . Disable when remote ip address changes frequently.','','YesNo');
diff --git a/installer/data/mysql/updatedatabase.pl b/installer/data/mysql/updatedatabase.pl
index 8fb9656..87ea1ef 100755
--- a/installer/data/mysql/updatedatabase.pl
+++ b/installer/data/mysql/updatedatabase.pl
@@ -4251,6 +4251,7 @@ $DBversion = '3.03.00.044';
if ( C4::Context->preference("Version") < TransformToNum($DBversion) ) {
$dbh->do("ALTER TABLE `aqbasketgroups` ADD `freedeliveryplace` TEXT NULL AFTER `deliveryplace`;");
print "Upgrade to $DBversion done (adding freedeliveryplace to basketgroups)\n";
+ SetVersion ($DBversion);
}
$DBversion = '3.03.00.045';
@@ -4370,6 +4371,15 @@ if (C4::Context->preference("Version") < TransformToNum($DBversion)) {
SetVersion($DBversion);
}
+$DBversion = '3.05.00.XXX';
+if (C4::Context->preference("Version") < TransformToNum($DBversion)) {
+ $dbh->do("INSERT INTO `systempreferences` (variable,value,explanation,options,type) VALUES('remoteipcheck','0','Check for Change in Remote IP address for Session Security. Disable when remote ip address changes frequently.','','YesNo')");
+ print "Upgrade to $DBversion done adding syspref Check for Change in Remote IP address for Session Security. Disable when remote ip address changes frequently.";
+ SetVersion ($DBversion);
+}
+
+
+
=head1 FUNCTIONS
=head2 DropAllForeignKeys($table)
diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/admin/preferences/admin.pref b/koha-tmpl/intranet-tmpl/prog/en/modules/admin/preferences/admin.pref
index a2ecc5c..eb0b45e 100644
--- a/koha-tmpl/intranet-tmpl/prog/en/modules/admin/preferences/admin.pref
+++ b/koha-tmpl/intranet-tmpl/prog/en/modules/admin/preferences/admin.pref
@@ -41,7 +41,14 @@ Administration:
no: "Don't allow"
- staff and patrons to create and view saved lists of books.
Login options:
- -
+ -
+ - pref: remoteipcheck
+ default: 0
+ choices:
+ yes: Enable
+ no: "Disable"
+ - Check for Change in Remote IP address for Session Security. Disable when remote ip address changes frequently.
+ -
- pref: insecure
default: 0
choices:
--
1.7.4.1
More information about the Koha-patches
mailing list