[Koha-patches] [PATCH] Check for Change in Remote IP address for Session Security. Disable when remote ip address changes frequently.

amit gupta amit.gupta at osslabs.biz
Thu Dec 16 12:19:27 CET 2010


Hi Chris,

I just created bug 5511 for this.

On Thu, Dec 16, 2010 at 4:03 PM, Chris Cormack <chrisc at catalyst.net.nz> wrote:

> Hi Amit
>
> I think this is a good idea but a couple of things,
>
> Can you make a bug for this, so we can track it. And can you make sure
> the default behaviour is the ipcheck is on. Otherwise this will change
> the existing behaviour for a lot of people, perhaps without them
> noticing. I'd prefer things behaved the same until someone goes and
> switches the check off. Rather than everyone having to go switch it back
> on as the behaviour of their Koha has suddenly just changed when they
> upgrade.
>
> Chris
>
> * Amit Gupta (amit.gupta at osslabs.biz) wrote:
> > ---
> >  C4/Auth.pm                                         |    5 +++--
> >  installer/data/mysql/en/mandatory/sysprefs.sql     |    2 ++
> >  installer/data/mysql/updatedatabase.pl             |    6 ++++++
> >  .../prog/en/modules/admin/preferences/admin.pref   |    9 ++++++++-
> >  kohaversion.pl                                     |    2 +-
> >  5 files changed, 20 insertions(+), 4 deletions(-)
> >
> > diff --git a/C4/Auth.pm b/C4/Auth.pm
> > index 2f13b86..7b0233b 100644
> > --- a/C4/Auth.pm
> > +++ b/C4/Auth.pm
> > @@ -913,6 +913,7 @@ sub checkauth {
> >      login        => 1,
> >          INPUTS               => \@inputs,
> >          casAuthentication    =>
> C4::Context->preference("casAuthentication"),
> > +     remoteipcheck        => C4::Context->preference("remoteipcheck"),
> >          suggestion           => C4::Context->preference("suggestion"),
> >          virtualshelves       =>
> C4::Context->preference("virtualshelves"),
> >          LibraryName          => C4::Context->preference("LibraryName"),
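
Review bot: In checkauth this patch only passes remoteipcheck to the template, while the two comparisons it gates are in check_api_auth and check_cookie_auth; any IP comparison that checkauth performs itself stays unconditional, so the preference would behave differently between the interactive login path and the other two. Please gate that comparison as well, or say in the commit message why it is left alone. The added line is also indented differently from the surrounding entries and should be aligned with them.
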
> > @@ -1061,7 +1062,7 @@ sub check_api_auth {
> >                  $userid    = undef;
> >                  $sessionID = undef;
> >                  return ("expired", undef, undef);
> > -            } elsif ( $ip ne $ENV{'REMOTE_ADDR'} ) {
> > +            } elsif ( C4::Context->preference('remoteipcheck') && $ip ne
> $ENV{'REMOTE_ADDR'} ) {
> >                  # IP address changed
> >                  $session->delete();
> >                  C4::Context->_unset_userenv($sessionID);
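
Review bot: The new condition in check_api_auth fails open: C4::Context->preference('remoteipcheck') evaluates false both when an administrator has switched the check off and when the preference has no value at all, and in either case a session presented from a different REMOTE_ADDR is accepted. The removed line enforced the comparison unconditionally, so treat a missing preference as enabled and skip the comparison only on an explicit off value.
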
> > @@ -1287,7 +1288,7 @@ sub check_cookie_auth {
> >              $userid    = undef;
> >              $sessionID = undef;
> >              return ("expired", undef);
> > -        } elsif ( $ip ne $ENV{'REMOTE_ADDR'} ) {
> > +        } elsif ( C4::Context->preference('remoteipcheck') && $ip ne
> $ENV{'REMOTE_ADDR'} ) {
> >              # IP address changed
> >              $session->delete();
> >              C4::Context->_unset_userenv($sessionID);
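
Review bot: The condition in check_cookie_auth is a copy of the one in check_api_auth; move it into one helper so the two paths cannot drift apart. With the check disabled, an address change on a live session now passes without any trace, so consider logging the stored and the current address in that case to keep the event visible for audit.
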
> > diff --git a/installer/data/mysql/en/mandatory/sysprefs.sql
> b/installer/data/mysql/en/mandatory/sysprefs.sql
> > index 1806657..48415f5 100644
> > --- a/installer/data/mysql/en/mandatory/sysprefs.sql
> > +++ b/installer/data/mysql/en/mandatory/sysprefs.sql
> > @@ -278,3 +278,5 @@ INSERT INTO `systempreferences`
> (variable,value,explanation,options,type) VALUES
> >  INSERT INTO `systempreferences`
> (variable,value,explanation,options,type)
> VALUES('ILS-DI:AuthorizedIPs','','.','Restricts usage of ILS-DI to some
> IPs','Free');
> >  INSERT INTO `systempreferences`
> (variable,value,explanation,options,type) VALUES
> ('OverduesBlockCirc','noblock','When checking out an item should overdues
> block checkout, generate a confirmation dialogue, or allow
> checkout','noblock|confirmation|block','Choice');
> >  INSERT INTO `systempreferences`
> (variable,value,explanation,options,type) VALUES
> ('DisplayMultiPlaceHold','1','Display the ability to place multiple holds or
> not','','YesNo');
> > +INSERT INTO `systempreferences`
> (variable,value,explanation,options,type) VALUES('remoteipcheck','0','Check
> for Change in Remote IP address for Session Security . Disable when remote
> ip address changes frequently.','','YesNo');
> > +
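
Review bot: The inserted row sets the value to '0', which switches off a comparison that the removed lines in C4/Auth.pm applied unconditionally; default it to '1' so that new installs keep session-to-IP binding until an administrator opts out. The explanation string has a stray space before the full stop ('Session Security .'), and the name remoteipcheck is all lowercase where the neighbouring rows use mixed case (OverduesBlockCirc, DisplayMultiPlaceHold).
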
> > diff --git a/installer/data/mysql/updatedatabase.plb/installer/data/mysql/
> updatedatabase.pl
> > index ac272ce..093ddfb 100755
> > --- a/installer/data/mysql/updatedatabase.pl
> > +++ b/installer/data/mysql/updatedatabase.pl
> > @@ -3915,6 +3915,12 @@ if (C4::Context->preference("Version") <
> TransformToNum($DBversion)) {
> >      SetVersion ($DBversion);
> >  }
> >
> > +$DBversion = '3.03.00.010';
> > +if (C4::Context->preference("Version") < TransformToNum($DBversion)) {
> > +    $dbh->do("INSERT INTO `systempreferences`
> (variable,value,explanation,options,type) VALUES('remoteipcheck','0','Check
> for Change in  Remote IP address for Session Security. Disable when remote
> ip address changes frequently.','','YesNo')");
> > +    print "Upgrade to $DBversion done adding syspref Check for Change in
>  Remote IP address for Session Security. Disable when remote ip address
> changes frequently.";
> > +    SetVersion ($DBversion);
> > +}
> >
> >
> >  =head1 FUNCTIONS
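
Review bot: The upgrade step inserts remoteipcheck with value '0', so every existing installation silently loses the IP check the moment this block runs; insert '1' here so that an upgrade preserves current behaviour. The print string has no trailing newline and repeats the full explanation text, with a double space after 'Change in'; a short message naming the preference would be enough.
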
> > diff --git
> a/koha-tmpl/intranet-tmpl/prog/en/modules/admin/preferences/admin.pref
> b/koha-tmpl/intranet-tmpl/prog/en/modules/admin/preferences/admin.pref
> > index 3ef972b..dd1dac2 100644
> > ---
> a/koha-tmpl/intranet-tmpl/prog/en/modules/admin/preferences/admin.pref
> > +++
> b/koha-tmpl/intranet-tmpl/prog/en/modules/admin/preferences/admin.pref
> > @@ -41,7 +41,14 @@ Administration:
> >                    no: "Don't allow"
> >              - staff and patrons to create and view saved lists of books.
> >      Login options:
> > -        -
> > +     -
> > +            - pref: remoteipcheck
> > +              default: 0
> > +              choices:
> > +                  yes: Enable
> > +                  no: "Disable"
> > +            - Check for Change in Remote IP address for Session
> Security. Disable when remote ip address changes frequently.
> > +             -
> >              - pref: insecure
> >                default: 0
> >                choices:
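
Review bot: The two added list markers under 'Login options:' differ in indentation from the removed marker line and from each other, and this file's structure depends on indentation, so the block may fail to parse or may nest the existing 'pref: insecure' entry at the wrong level. Keep the original marker indentation and line the new entry up with the 'pref: insecure' entry that follows it. 'default: 0' should match whatever default the SQL rows settle on.
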
> > diff --git a/kohaversion.pl b/kohaversion.pl
> > index a6e56b3..ad61294 100644
> > --- a/kohaversion.pl
> > +++ b/kohaversion.pl
> > @@ -16,7 +16,7 @@ the kohaversion is divided in 4 parts :
> >  use strict;
> >
> >  sub kohaversion {
> > -    our $VERSION = '3.03.00.009';
> > +    our $VERSION = '3.03.00.010';
> >      # version needs to be set this way
> >      # so that it can be picked up by Makefile.PL
> >      # during install
> > --
> > 1.6.4.2
> >
>
> --
> Chris Cormack
> Catalyst IT Ltd.
> +64 4 803 2238
> PO Box 11-053, Manners St, Wellington 6142, New Zealand