[Koha-patches] [PATCH] Check for Change in Remote IP address for Session Security. Disable when remote ip address changes frequently.
amit gupta
amit.gupta at osslabs.biz
Thu Dec 16 12:19:27 CET 2010
Hi Chris,
I Just created bug 5511 for this.
On Thu, Dec 16, 2010 at 4:03 PM, Chris Cormack <chrisc at catalyst.net.nz>wrote:
> Hi Amit
>
> I think this is a good idea but a couple of things,
>
> Can you make a bug for this, so we can track it. And can you make sure
> the default behaviour is the ipcheck is on. Otherwise this will change
> the existing behaviour for a lot of people, perhaps without them
> noticing. Id prefer things behaved the same until someone goes and
> switches the check off. Rather than everyone having to go switch it back
> on as the behaviour of their Koha has suddenly just changed when they
> upgrade.
>
> Chris
>
> * Amit Gupta (amit.gupta at osslabs.biz) wrote:
> > ---
> > C4/Auth.pm | 5 +++--
> > installer/data/mysql/en/mandatory/sysprefs.sql | 2 ++
> > installer/data/mysql/updatedatabase.pl | 6 ++++++
> > .../prog/en/modules/admin/preferences/admin.pref | 9 ++++++++-
> > kohaversion.pl | 2 +-
> > 5 files changed, 20 insertions(+), 4 deletions(-)
> >
> > diff --git a/C4/Auth.pm b/C4/Auth.pm
> > index 2f13b86..7b0233b 100644
> > --- a/C4/Auth.pm
> > +++ b/C4/Auth.pm
> > @@ -913,6 +913,7 @@ sub checkauth {
> > login => 1,
> > INPUTS => \@inputs,
> > casAuthentication =>
> C4::Context->preference("casAuthentication"),
> > + remoteipcheck => C4::Context->preference("remoteipcheck"),
> > suggestion => C4::Context->preference("suggestion"),
> > virtualshelves =>
> C4::Context->preference("virtualshelves"),
> > LibraryName => C4::Context->preference("LibraryName"),
> > @@ -1061,7 +1062,7 @@ sub check_api_auth {
> > $userid = undef;
> > $sessionID = undef;
> > return ("expired", undef, undef);
> > - } elsif ( $ip ne $ENV{'REMOTE_ADDR'} ) {
> > + } elsif ( C4::Context->preference('remoteipcheck') && $ip ne
> $ENV{'REMOTE_ADDR'} ) {
> > # IP address changed
> > $session->delete();
> > C4::Context->_unset_userenv($sessionID);
> > @@ -1287,7 +1288,7 @@ sub check_cookie_auth {
> > $userid = undef;
> > $sessionID = undef;
> > return ("expired", undef);
> > - } elsif ( $ip ne $ENV{'REMOTE_ADDR'} ) {
> > + } elsif ( C4::Context->preference('remoteipcheck') && $ip ne
> $ENV{'REMOTE_ADDR'} ) {
> > # IP address changed
> > $session->delete();
> > C4::Context->_unset_userenv($sessionID);
> > diff --git a/installer/data/mysql/en/mandatory/sysprefs.sql
> b/installer/data/mysql/en/mandatory/sysprefs.sql
> > index 1806657..48415f5 100644
> > --- a/installer/data/mysql/en/mandatory/sysprefs.sql
> > +++ b/installer/data/mysql/en/mandatory/sysprefs.sql
> > @@ -278,3 +278,5 @@ INSERT INTO `systempreferences`
> (variable,value,explanation,options,type) VALUES
> > INSERT INTO `systempreferences`
> (variable,value,explanation,options,type)
> VALUES('ILS-DI:AuthorizedIPs','','.','Restricts usage of ILS-DI to some
> IPs','Free');
> > INSERT INTO `systempreferences`
> (variable,value,explanation,options,type) VALUES
> ('OverduesBlockCirc','noblock','When checking out an item should overdues
> block checkout, generate a confirmation dialogue, or allow
> checkout','noblock|confirmation|block','Choice');
> > INSERT INTO `systempreferences`
> (variable,value,explanation,options,type) VALUES
> ('DisplayMultiPlaceHold','1','Display the ability to place multiple holds or
> not','','YesNo');
> > +INSERT INTO `systempreferences`
> (variable,value,explanation,options,type) VALUES('remoteipcheck','0','Check
> for Change in Remote IP address for Session Security . Disable when remote
> ip address changes frequently.','','YesNo');
> > +
> > diff --git a/installer/data/mysql/updatedatabase.plb/installer/data/mysql/
> updatedatabase.pl
> > index ac272ce..093ddfb 100755
> > --- a/installer/data/mysql/updatedatabase.pl
> > +++ b/installer/data/mysql/updatedatabase.pl
> > @@ -3915,6 +3915,12 @@ if (C4::Context->preference("Version") <
> TransformToNum($DBversion)) {
> > SetVersion ($DBversion);
> > }
> >
> > +$DBversion = '3.03.00.010';
> > +if (C4::Context->preference("Version") < TransformToNum($DBversion)) {
> > + $dbh->do("INSERT INTO `systempreferences`
> (variable,value,explanation,options,type) VALUES('remoteipcheck','0','Check
> for Change in Remote IP address for Session Security. Disable when remote
> ip address changes frequently.','','YesNo')");
> > + print "Upgrade to $DBversion done adding syspref Check for Change in
> Remote IP address for Session Security. Disable when remote ip address
> changes frequently.";
> > + SetVersion ($DBversion);
> > +}
> >
> >
> > =head1 FUNCTIONS
> > diff --git
> a/koha-tmpl/intranet-tmpl/prog/en/modules/admin/preferences/admin.pref
> b/koha-tmpl/intranet-tmpl/prog/en/modules/admin/preferences/admin.pref
> > index 3ef972b..dd1dac2 100644
> > ---
> a/koha-tmpl/intranet-tmpl/prog/en/modules/admin/preferences/admin.pref
> > +++
> b/koha-tmpl/intranet-tmpl/prog/en/modules/admin/preferences/admin.pref
> > @@ -41,7 +41,14 @@ Administration:
> > no: "Don't allow"
> > - staff and patrons to create and view saved lists of books.
> > Login options:
> > - -
> > + -
> > + - pref: remoteipcheck
> > + default: 0
> > + choices:
> > + yes: Enable
> > + no: "Disable"
> > + - Check for Change in Remote IP address for Session
> Security. Disable when remote ip address changes frequently.
> > + -
> > - pref: insecure
> > default: 0
> > choices:
> > diff --git a/kohaversion.pl b/kohaversion.pl
> > index a6e56b3..ad61294 100644
> > --- a/kohaversion.pl
> > +++ b/kohaversion.pl
> > @@ -16,7 +16,7 @@ the kohaversion is divided in 4 parts :
> > use strict;
> >
> > sub kohaversion {
> > - our $VERSION = '3.03.00.009';
> > + our $VERSION = '3.03.00.010';
> > # version needs to be set this way
> > # so that it can be picked up by Makefile.PL
> > # during install
> > --
> > 1.6.4.2
> >
> > _______________________________________________
> > Koha-patches mailing list
> > Koha-patches at lists.koha-community.org
> > http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-patches
> > website : http://www.koha-community.org/
> > git : http://git.koha-community.org/
> > bugs : http://bugs.koha-community.org/
>
> --
> Chris Cormack
> Catalyst IT Ltd.
> +64 4 803 2238
> PO Box 11-053, Manners St, Wellington 6142, New Zealand
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.10 (GNU/Linux)
>
> iEYEARECAAYFAk0J6ugACgkQZgbcHEvgMLOY+ACfVZ+jevGQ9Qi58OCJ9aVdddiC
> wUYAoIaSYt2hYyuRaWOTsxN8ZOwA4Xip
> =SM83
> -----END PGP SIGNATURE-----
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/koha-patches/attachments/20101216/fa847736/attachment-0001.htm>
More information about the Koha-patches
mailing list