[Koha-patches] [PATCH] Check for Change in Remote IP address for Session Security. Disable when remote ip address changes frequently.

amit gupta amit.gupta at osslabs.biz
Thu Dec 16 12:50:36 CET 2010


Hi Chris,
I will be sending the new patch with the correction.

On Thu, Dec 16, 2010 at 4:49 PM, amit gupta <amit.gupta at osslabs.biz> wrote:

> Hi Chris,
>
> I just created bug 5511 for this.
>
> On Thu, Dec 16, 2010 at 4:03 PM, Chris Cormack <chrisc at catalyst.net.nz> wrote:
>
>> Hi Amit
>>
>> I think this is a good idea but a couple of things,
>>
>> Can you make a bug for this, so we can track it. And can you make sure
>> the default behaviour is the ipcheck is on. Otherwise this will change
>> the existing behaviour for a lot of people, perhaps without them
>> noticing. I'd prefer things behaved the same until someone goes and
>> switches the check off. Rather than everyone having to go switch it back
>> on as the behaviour of their Koha has suddenly just changed when they
>> upgrade.
>>
>> Chris
>>
>> * Amit Gupta (amit.gupta at osslabs.biz) wrote:
>> > ---
>> >  C4/Auth.pm                                         |    5 +++--
>> >  installer/data/mysql/en/mandatory/sysprefs.sql     |    2 ++
>> >  installer/data/mysql/updatedatabase.pl             |    6 ++++++
>> >  .../prog/en/modules/admin/preferences/admin.pref   |    9 ++++++++-
>> >  kohaversion.pl                                     |    2 +-
>> >  5 files changed, 20 insertions(+), 4 deletions(-)
>> >
>> > diff --git a/C4/Auth.pm b/C4/Auth.pm
>> > index 2f13b86..7b0233b 100644
>> > --- a/C4/Auth.pm
>> > +++ b/C4/Auth.pm
>> > @@ -913,6 +913,7 @@ sub checkauth {
>> >      login        => 1,
>> >          INPUTS               => \@inputs,
>> >          casAuthentication    =>
>> C4::Context->preference("casAuthentication"),
>> > +     remoteipcheck        => C4::Context->preference("remoteipcheck"),
>> >          suggestion           => C4::Context->preference("suggestion"),
>> >          virtualshelves       =>
>> C4::Context->preference("virtualshelves"),
>> >          LibraryName          => C4::Context->preference("LibraryName"),
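Review bot: In checkauth the only change is the new `remoteipcheck` template parameter, and none of the five files in this patch is a template that reads it, so the parameter looks unused; drop it unless a template change is coming. If checkauth makes its own comparison of `$ip` against `$ENV{'REMOTE_ADDR'}`, that comparison needs the same preference guard as check_api_auth and check_cookie_auth, otherwise the setting will not apply to sessions validated there. The added line is also indented differently from its neighbours (it looks like a tab where the surrounding entries use spaces).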
>> > @@ -1061,7 +1062,7 @@ sub check_api_auth {
>> >                  $userid    = undef;
>> >                  $sessionID = undef;
>> >                  return ("expired", undef, undef);
>> > -            } elsif ( $ip ne $ENV{'REMOTE_ADDR'} ) {
>> > +            } elsif ( C4::Context->preference('remoteipcheck') && $ip
>> ne $ENV{'REMOTE_ADDR'} ) {
>> >                  # IP address changed
>> >                  $session->delete();
>> >                  C4::Context->_unset_userenv($sessionID);
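Review bot: The new condition in check_api_auth fails open: `C4::Context->preference('remoteipcheck')` is false both when an administrator has switched the check off and when the preference row does not exist yet (for example before updatedatabase.pl has run), and in both cases the session is accepted from any address. Treat an undefined value as enabled, or invert the sense of the preference so that only an explicitly set value disables the check.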
>> > @@ -1287,7 +1288,7 @@ sub check_cookie_auth {
>> >              $userid    = undef;
>> >              $sessionID = undef;
>> >              return ("expired", undef);
>> > -        } elsif ( $ip ne $ENV{'REMOTE_ADDR'} ) {
>> > +        } elsif ( C4::Context->preference('remoteipcheck') && $ip ne
>> $ENV{'REMOTE_ADDR'} ) {
>> >              # IP address changed
>> >              $session->delete();
>> >              C4::Context->_unset_userenv($sessionID);
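Review bot: The condition in check_cookie_auth is a copy of the one added to check_api_auth; move the test into one small shared helper (name it as you like, for instance a hypothetical `_session_ip_changed($ip)`) so the two paths cannot drift apart. With the check disabled, an address change now passes silently; consider logging the mismatch so that reuse of a session from another address stays visible to the administrator.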
>> > diff --git a/installer/data/mysql/en/mandatory/sysprefs.sql
>> b/installer/data/mysql/en/mandatory/sysprefs.sql
>> > index 1806657..48415f5 100644
>> > --- a/installer/data/mysql/en/mandatory/sysprefs.sql
>> > +++ b/installer/data/mysql/en/mandatory/sysprefs.sql
>> > @@ -278,3 +278,5 @@ INSERT INTO `systempreferences`
>> (variable,value,explanation,options,type) VALUES
>> >  INSERT INTO `systempreferences`
>> (variable,value,explanation,options,type)
>> VALUES('ILS-DI:AuthorizedIPs','','.','Restricts usage of ILS-DI to some
>> IPs','Free');
>> >  INSERT INTO `systempreferences`
>> (variable,value,explanation,options,type) VALUES
>> ('OverduesBlockCirc','noblock','When checking out an item should overdues
>> block checkout, generate a confirmation dialogue, or allow
>> checkout','noblock|confirmation|block','Choice');
>> >  INSERT INTO `systempreferences`
>> (variable,value,explanation,options,type) VALUES
>> ('DisplayMultiPlaceHold','1','Display the ability to place multiple holds or
>> not','','YesNo');
>> > +INSERT INTO `systempreferences`
>> (variable,value,explanation,options,type) VALUES('remoteipcheck','0','Check
>> for Change in Remote IP address for Session Security . Disable when remote
>> ip address changes frequently.','','YesNo');
>> > +
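Review bot: The inserted row sets the value to '0', so a fresh install ships with the session IP check disabled, whereas the removed lines in C4/Auth.pm show the check was previously unconditional; use '1' here. The explanation text has a stray space before the full stop ("Security ."), and the hunk also adds a blank line at the end of the file.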
>> > diff --git a/installer/data/mysql/updatedatabase.plb/installer/data/mysql/
>> updatedatabase.pl
>> > index ac272ce..093ddfb 100755
>> > --- a/installer/data/mysql/updatedatabase.pl
>> > +++ b/installer/data/mysql/updatedatabase.pl
>> > @@ -3915,6 +3915,12 @@ if (C4::Context->preference("Version") <
>> TransformToNum($DBversion)) {
>> >      SetVersion ($DBversion);
>> >  }
>> >
>> > +$DBversion = '3.03.00.010';
>> > +if (C4::Context->preference("Version") < TransformToNum($DBversion)) {
>> > +    $dbh->do("INSERT INTO `systempreferences`
>> (variable,value,explanation,options,type) VALUES('remoteipcheck','0','Check
>> for Change in  Remote IP address for Session Security. Disable when remote
>> ip address changes frequently.','','YesNo')");
>> > +    print "Upgrade to $DBversion done adding syspref Check for Change
>> in  Remote IP address for Session Security. Disable when remote ip address
>> changes frequently.";
>> > +    SetVersion ($DBversion);
>> > +}
>> >
>> >
>> >  =head1 FUNCTIONS
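Review bot: The upgrade block for 3.03.00.010 inserts `remoteipcheck` with value '0', which turns the IP check off for every existing site at upgrade time; insert '1' so behaviour is unchanged until someone disables it. The `print` string has no trailing "\n", so the next upgrade message will run on from this one, and it repeats the preference description (with a double space in "in  Remote") instead of saying what was added; a short message naming the new syspref would read better.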
>> > diff --git
>> a/koha-tmpl/intranet-tmpl/prog/en/modules/admin/preferences/admin.pref
>> b/koha-tmpl/intranet-tmpl/prog/en/modules/admin/preferences/admin.pref
>> > index 3ef972b..dd1dac2 100644
>> > ---
>> a/koha-tmpl/intranet-tmpl/prog/en/modules/admin/preferences/admin.pref
>> > +++
>> b/koha-tmpl/intranet-tmpl/prog/en/modules/admin/preferences/admin.pref
>> > @@ -41,7 +41,14 @@ Administration:
>> >                    no: "Don't allow"
>> >              - staff and patrons to create and view saved lists of
>> books.
>> >      Login options:
>> > -        -
>> > +     -
>> > +            - pref: remoteipcheck
>> > +              default: 0
>> > +              choices:
>> > +                  yes: Enable
>> > +                  no: "Disable"
>> > +            - Check for Change in Remote IP address for Session
>> Security. Disable when remote ip address changes frequently.
>> > +             -
>> >              - pref: insecure
>> >                default: 0
>> >                choices:
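Review bot: Indentation in the "Login options" list changes: the removed `-` marker sat at eight spaces, while the added one is indented differently and the second added `-` (before `pref: insecure`) sits deeper still. This file is YAML, so both list markers must be at the same column as the one they replace, or the entries will nest incorrectly or fail to parse. `default: 0` should follow whatever default is settled on in sysprefs.sql, and the choice labels are quoted inconsistently (`yes: Enable` versus `no: "Disable"`).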
>> > diff --git a/kohaversion.pl b/kohaversion.pl
>> > index a6e56b3..ad61294 100644
>> > --- a/kohaversion.pl
>> > +++ b/kohaversion.pl
>> > @@ -16,7 +16,7 @@ the kohaversion is divided in 4 parts :
>> >  use strict;
>> >
>> >  sub kohaversion {
>> > -    our $VERSION = '3.03.00.009';
>> > +    our $VERSION = '3.03.00.010';
>> >      # version needs to be set this way
>> >      # so that it can be picked up by Makefile.PL
>> >      # during install
>> > --
>> > 1.6.4.2
>> >
>> > _______________________________________________
>> > Koha-patches mailing list
>> > Koha-patches at lists.koha-community.org
>> > http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-patches
>> > website : http://www.koha-community.org/
>> > git : http://git.koha-community.org/
>> > bugs : http://bugs.koha-community.org/
>>
>> --
>> Chris Cormack
>> Catalyst IT Ltd.
>> +64 4 803 2238
>> PO Box 11-053, Manners St, Wellington 6142, New Zealand
>>
>>
>>
>