[Koha-patches] [PATCH] Check for Change in Remote IP address for Session Security. Disable when remote ip address changes frequently.

Chris Cormack chrisc at catalyst.net.nz
Thu Dec 16 11:33:12 CET 2010


Hi Amit

I think this is a good idea but a couple of things, 

Can you make a bug for this, so we can track it. And can you make sure
the default behaviour is the ipcheck is on. Otherwise this will change
the existing behaviour for a lot of people, perhaps without them
noticing. I'd prefer things behaved the same until someone goes and
switches the check off. Rather than everyone having to go switch it back
on as the behaviour of their Koha has suddenly just changed when they
upgrade.

Chris

* Amit Gupta (amit.gupta at osslabs.biz) wrote:
> ---
>  C4/Auth.pm                                         |    5 +++--
>  installer/data/mysql/en/mandatory/sysprefs.sql     |    2 ++
>  installer/data/mysql/updatedatabase.pl             |    6 ++++++
>  .../prog/en/modules/admin/preferences/admin.pref   |    9 ++++++++-
>  kohaversion.pl                                     |    2 +-
>  5 files changed, 20 insertions(+), 4 deletions(-)
> 
> diff --git a/C4/Auth.pm b/C4/Auth.pm
> index 2f13b86..7b0233b 100644
> --- a/C4/Auth.pm
> +++ b/C4/Auth.pm
> @@ -913,6 +913,7 @@ sub checkauth {
>      login        => 1,
>          INPUTS               => \@inputs,
>          casAuthentication    => C4::Context->preference("casAuthentication"),
> +	remoteipcheck        => C4::Context->preference("remoteipcheck"),
>          suggestion           => C4::Context->preference("suggestion"),
>          virtualshelves       => C4::Context->preference("virtualshelves"),
>          LibraryName          => C4::Context->preference("LibraryName"),
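
Review bot: the added remoteipcheck line in checkauth only hands the preference to the template, and nothing else in this patch reads that template variable; the IP comparison is made conditional only in check_api_auth and check_cookie_auth. If checkauth performs its own REMOTE_ADDR comparison it needs the same preference test, otherwise interactive sessions will still be dropped when the address changes; if the template parameter has no consumer, drop it. The added line is also indented with a tab while the neighbouring parameters use spaces.
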
> @@ -1061,7 +1062,7 @@ sub check_api_auth {
>                  $userid    = undef;
>                  $sessionID = undef;
>                  return ("expired", undef, undef);
> -            } elsif ( $ip ne $ENV{'REMOTE_ADDR'} ) {
> +            } elsif ( C4::Context->preference('remoteipcheck') && $ip ne $ENV{'REMOTE_ADDR'} ) {
>                  # IP address changed
>                  $session->delete();
>                  C4::Context->_unset_userenv($sessionID);
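
Review bot: on the changed elsif line in check_api_auth, a false, empty or missing remoteipcheck value skips the IP comparison entirely, so the check fails open. With the '0' default shipped elsewhere in this patch, API sessions stop being tied to the client address after upgrade, and a copied session ID is accepted from any address. Suggest treating anything other than an explicit "off" value as on, so an absent preference row keeps the check.
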
> @@ -1287,7 +1288,7 @@ sub check_cookie_auth {
>              $userid    = undef;
>              $sessionID = undef;
>              return ("expired", undef);
> -        } elsif ( $ip ne $ENV{'REMOTE_ADDR'} ) {
> +        } elsif ( C4::Context->preference('remoteipcheck') && $ip ne $ENV{'REMOTE_ADDR'} ) {
>              # IP address changed
>              $session->delete();
>              C4::Context->_unset_userenv($sessionID);
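
Review bot: the condition on the changed elsif line in check_cookie_auth is a copy of the one in check_api_auth; a small helper in C4::Auth that answers "must the session IP match?" would keep the two paths from drifting apart. The "# IP address changed" branch could also log the stored and current address before $session->delete(), which gives administrators evidence when deciding whether the check can safely be turned off.
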
> diff --git a/installer/data/mysql/en/mandatory/sysprefs.sql b/installer/data/mysql/en/mandatory/sysprefs.sql
> index 1806657..48415f5 100644
> --- a/installer/data/mysql/en/mandatory/sysprefs.sql
> +++ b/installer/data/mysql/en/mandatory/sysprefs.sql
> @@ -278,3 +278,5 @@ INSERT INTO `systempreferences` (variable,value,explanation,options,type) VALUES
>  INSERT INTO `systempreferences` (variable,value,explanation,options,type) VALUES('ILS-DI:AuthorizedIPs','','.','Restricts usage of ILS-DI to some IPs','Free');
>  INSERT INTO `systempreferences` (variable,value,explanation,options,type) VALUES ('OverduesBlockCirc','noblock','When checking out an item should overdues block checkout, generate a confirmation dialogue, or allow checkout','noblock|confirmation|block','Choice');
>  INSERT INTO `systempreferences` (variable,value,explanation,options,type) VALUES ('DisplayMultiPlaceHold','1','Display the ability to place multiple holds or not','','YesNo');
> +INSERT INTO `systempreferences` (variable,value,explanation,options,type) VALUES('remoteipcheck','0','Check for Change in Remote IP address for Session Security . Disable when remote ip address changes frequently.','','YesNo');
> +
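
Review bot: the new INSERT sets value '0', so fresh installs ship with the session IP check turned off; use '1' so the default matches what the code did before this preference existed. The explanation text also has a stray space before the full stop ('Session Security .'), and the hunk adds a blank line at the end of the file.
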
> diff --git a/installer/data/mysql/updatedatabase.pl b/installer/data/mysql/updatedatabase.pl
> index ac272ce..093ddfb 100755
> --- a/installer/data/mysql/updatedatabase.pl
> +++ b/installer/data/mysql/updatedatabase.pl
> @@ -3915,6 +3915,12 @@ if (C4::Context->preference("Version") < TransformToNum($DBversion)) {
>      SetVersion ($DBversion);
>  }
>  
> +$DBversion = '3.03.00.010';
> +if (C4::Context->preference("Version") < TransformToNum($DBversion)) {
> +    $dbh->do("INSERT INTO `systempreferences` (variable,value,explanation,options,type) VALUES('remoteipcheck','0','Check for Change in  Remote IP address for Session Security. Disable when remote ip address changes frequently.','','YesNo')");
> +    print "Upgrade to $DBversion done adding syspref Check for Change in  Remote IP address for Session Security. Disable when remote ip address changes frequently.";
> +    SetVersion ($DBversion);
> +}
>  
>  
>  =head1 FUNCTIONS
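
Review bot: the upgrade block inserts remoteipcheck with value '0', which silently turns the check off for every existing site on upgrade; insert '1' here so behaviour only changes when an administrator switches it. The print statement has no trailing "\n", so the message will run into the next updater's output, and both strings contain a double space in 'Change in  Remote'.
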
> diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/admin/preferences/admin.pref b/koha-tmpl/intranet-tmpl/prog/en/modules/admin/preferences/admin.pref
> index 3ef972b..dd1dac2 100644
> --- a/koha-tmpl/intranet-tmpl/prog/en/modules/admin/preferences/admin.pref
> +++ b/koha-tmpl/intranet-tmpl/prog/en/modules/admin/preferences/admin.pref
> @@ -41,7 +41,14 @@ Administration:
>                    no: "Don't allow"
>              - staff and patrons to create and view saved lists of books.
>      Login options:
> -        -
> +	-
> +            - pref: remoteipcheck
> +              default: 0
> +              choices:
> +                  yes: Enable
> +                  no: "Disable"
> +            - Check for Change in Remote IP address for Session Security. Disable when remote ip address changes frequently.
> +      	-
>              - pref: insecure
>                default: 0
>                choices:
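
Review bot: the two added list markers (the "-" replacing the removed one under "Login options:" and the "-" just before "pref: insecure") are indented with tab characters, which YAML does not allow for indentation, so admin.pref may fail to load; indent them with the same spaces as the "-" line being removed. "default: 0" should also become 1 so the check stays on unless someone disables it.
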
> diff --git a/kohaversion.pl b/kohaversion.pl
> index a6e56b3..ad61294 100644
> --- a/kohaversion.pl
> +++ b/kohaversion.pl
> @@ -16,7 +16,7 @@ the kohaversion is divided in 4 parts :
>  use strict;
>  
>  sub kohaversion {
> -    our $VERSION = '3.03.00.009';
> +    our $VERSION = '3.03.00.010';
>      # version needs to be set this way
>      # so that it can be picked up by Makefile.PL
>      # during install
> -- 
> 1.6.4.2

-- 
Chris Cormack
Catalyst IT Ltd.
+64 4 803 2238
PO Box 11-053, Manners St, Wellington 6142, New Zealand