[Koha-patches] [PATCH] Check for Change in Remote IP address for Session Security. Disable when remote ip address changes frequently.
amit gupta
amit.gupta at osslabs.biz
Thu Dec 16 12:50:36 CET 2010
Hi Chris,
I will be sending the new patch with the correction.
On Thu, Dec 16, 2010 at 4:49 PM, amit gupta <amit.gupta at osslabs.biz> wrote:
> Hi Chris,
>
> I just created bug 5511 for this.
>
> On Thu, Dec 16, 2010 at 4:03 PM, Chris Cormack <chrisc at catalyst.net.nz> wrote:
>
>> Hi Amit
>>
>> I think this is a good idea but a couple of things,
>>
>> Can you make a bug for this, so we can track it. And can you make sure
>> the default behaviour is the ipcheck is on. Otherwise this will change
>> the existing behaviour for a lot of people, perhaps without them
>> noticing. I'd prefer things behaved the same until someone goes and
>> switches the check off. Rather than everyone having to go switch it back
>> on as the behaviour of their Koha has suddenly just changed when they
>> upgrade.
>>
>> Chris
>>
>> * Amit Gupta (amit.gupta at osslabs.biz) wrote:
>> > ---
>> > C4/Auth.pm | 5 +++--
>> > installer/data/mysql/en/mandatory/sysprefs.sql | 2 ++
>> > installer/data/mysql/updatedatabase.pl | 6 ++++++
>> > .../prog/en/modules/admin/preferences/admin.pref | 9 ++++++++-
>> > kohaversion.pl | 2 +-
>> > 5 files changed, 20 insertions(+), 4 deletions(-)
>> >
>> > diff --git a/C4/Auth.pm b/C4/Auth.pm
>> > index 2f13b86..7b0233b 100644
>> > --- a/C4/Auth.pm
>> > +++ b/C4/Auth.pm
>> > @@ -913,6 +913,7 @@ sub checkauth {
>> > login => 1,
>> > INPUTS => \@inputs,
>> > casAuthentication =>
>> C4::Context->preference("casAuthentication"),
>> > + remoteipcheck => C4::Context->preference("remoteipcheck"),
>> > suggestion => C4::Context->preference("suggestion"),
>> > virtualshelves =>
>> C4::Context->preference("virtualshelves"),
>> > LibraryName => C4::Context->preference("LibraryName"),
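Review bot: no hunk in this patch guards an IP comparison inside checkauth itself; the only change in checkauth is the `remoteipcheck` template parameter. If checkauth has its own `$ip ne $ENV{'REMOTE_ADDR'}` test, it needs the same preference guard as check_api_auth and check_cookie_auth, otherwise interactive sessions will still be expired on an address change while the other two paths are not. Separately, none of the five files in the diffstat is a login template, so nothing visible reads this parameter; drop the line unless a template change is coming with it.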
>> > @@ -1061,7 +1062,7 @@ sub check_api_auth {
>> > $userid = undef;
>> > $sessionID = undef;
>> > return ("expired", undef, undef);
>> > - } elsif ( $ip ne $ENV{'REMOTE_ADDR'} ) {
>> > + } elsif ( C4::Context->preference('remoteipcheck') && $ip
>> ne $ENV{'REMOTE_ADDR'} ) {
>> > # IP address changed
>> > $session->delete();
>> > C4::Context->_unset_userenv($sessionID);
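Review bot: the new guard on the `elsif` in check_api_auth fails open: if `C4::Context->preference('remoteipcheck')` comes back undefined or empty (row missing, upgrade step not yet run), the condition is false and a session presented from a different address is accepted. The IP binding is what stops a copied session ID from being used from another host, so treat only an explicit off value as disabling it, for example by defaulting an undefined preference to on before testing it.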
>> > @@ -1287,7 +1288,7 @@ sub check_cookie_auth {
>> > $userid = undef;
>> > $sessionID = undef;
>> > return ("expired", undef);
>> > - } elsif ( $ip ne $ENV{'REMOTE_ADDR'} ) {
>> > + } elsif ( C4::Context->preference('remoteipcheck') && $ip ne
>> $ENV{'REMOTE_ADDR'} ) {
>> > # IP address changed
>> > $session->delete();
>> > C4::Context->_unset_userenv($sessionID);
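Review bot: this `elsif` in check_cookie_auth repeats the exact condition added in check_api_auth; put the test in one small private helper in C4::Auth that takes the stored `$ip` and call it from both places, so the two paths cannot drift apart the next time the check changes. The comment `# IP address changed` should also say that the branch is skipped when remoteipcheck is off.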
>> > diff --git a/installer/data/mysql/en/mandatory/sysprefs.sql
>> b/installer/data/mysql/en/mandatory/sysprefs.sql
>> > index 1806657..48415f5 100644
>> > --- a/installer/data/mysql/en/mandatory/sysprefs.sql
>> > +++ b/installer/data/mysql/en/mandatory/sysprefs.sql
>> > @@ -278,3 +278,5 @@ INSERT INTO `systempreferences`
>> (variable,value,explanation,options,type) VALUES
>> > INSERT INTO `systempreferences`
>> (variable,value,explanation,options,type)
>> VALUES('ILS-DI:AuthorizedIPs','','.','Restricts usage of ILS-DI to some
>> IPs','Free');
>> > INSERT INTO `systempreferences`
>> (variable,value,explanation,options,type) VALUES
>> ('OverduesBlockCirc','noblock','When checking out an item should overdues
>> block checkout, generate a confirmation dialogue, or allow
>> checkout','noblock|confirmation|block','Choice');
>> > INSERT INTO `systempreferences`
>> (variable,value,explanation,options,type) VALUES
>> ('DisplayMultiPlaceHold','1','Display the ability to place multiple holds or
>> not','','YesNo');
>> > +INSERT INTO `systempreferences`
>> (variable,value,explanation,options,type) VALUES('remoteipcheck','0','Check
>> for Change in Remote IP address for Session Security . Disable when remote
>> ip address changes frequently.','','YesNo');
>> > +
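Review bot: the added INSERT sets the value to '0', so a fresh install comes up with the session IP check switched off; ship it as '1' so the stricter behaviour is the default and turning it off is a deliberate choice. Minor: there is a stray space in `Session Security .` and the hunk adds a blank line at the end of the file.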
>> > diff --git a/installer/data/mysql/updatedatabase.plb/installer/data/mysql/
>> updatedatabase.pl
>> > index ac272ce..093ddfb 100755
>> > --- a/installer/data/mysql/updatedatabase.pl
>> > +++ b/installer/data/mysql/updatedatabase.pl
>> > @@ -3915,6 +3915,12 @@ if (C4::Context->preference("Version") <
>> TransformToNum($DBversion)) {
>> > SetVersion ($DBversion);
>> > }
>> >
>> > +$DBversion = '3.03.00.010';
>> > +if (C4::Context->preference("Version") < TransformToNum($DBversion)) {
>> > + $dbh->do("INSERT INTO `systempreferences`
>> (variable,value,explanation,options,type) VALUES('remoteipcheck','0','Check
>> for Change in Remote IP address for Session Security. Disable when remote
>> ip address changes frequently.','','YesNo')");
>> > + print "Upgrade to $DBversion done adding syspref Check for Change
>> in Remote IP address for Session Security. Disable when remote ip address
>> changes frequently.";
>> > + SetVersion ($DBversion);
>> > +}
>> >
>> >
>> > =head1 FUNCTIONS
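Review bot: the 3.03.00.010 upgrade block inserts remoteipcheck with value '0', which silently turns off a comparison that the removed lines in C4/Auth.pm show was unconditional before; insert '1' so existing sites keep their current behaviour after upgrading. The `print` also has no trailing `\n` and repeats the whole preference description; a short message naming the preference and ending in a newline reads better in the upgrade output.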
>> > diff --git
>> a/koha-tmpl/intranet-tmpl/prog/en/modules/admin/preferences/admin.pref
>> b/koha-tmpl/intranet-tmpl/prog/en/modules/admin/preferences/admin.pref
>> > index 3ef972b..dd1dac2 100644
>> > ---
>> a/koha-tmpl/intranet-tmpl/prog/en/modules/admin/preferences/admin.pref
>> > +++
>> b/koha-tmpl/intranet-tmpl/prog/en/modules/admin/preferences/admin.pref
>> > @@ -41,7 +41,14 @@ Administration:
>> > no: "Don't allow"
>> > - staff and patrons to create and view saved lists of
>> books.
>> > Login options:
>> > - -
>> > + -
>> > + - pref: remoteipcheck
>> > + default: 0
>> > + choices:
>> > + yes: Enable
>> > + no: "Disable"
>> > + - Check for Change in Remote IP address for Session
>> Security. Disable when remote ip address changes frequently.
>> > + -
>> > - pref: insecure
>> > default: 0
>> > choices:
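Review bot: the description under `pref: remoteipcheck` does not tell an administrator what disabling costs; say that with the check off a session is no longer tied to the client address it was created from. `default: 0` should follow whatever default the SQL ends up with, and `yes: Enable` / `no: "Disable"` should be quoted consistently.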
>> > diff --git a/kohaversion.pl b/kohaversion.pl
>> > index a6e56b3..ad61294 100644
>> > --- a/kohaversion.pl
>> > +++ b/kohaversion.pl
>> > @@ -16,7 +16,7 @@ the kohaversion is divided in 4 parts :
>> > use strict;
>> >
>> > sub kohaversion {
>> > - our $VERSION = '3.03.00.009';
>> > + our $VERSION = '3.03.00.010';
>> > # version needs to be set this way
>> > # so that it can be picked up by Makefile.PL
>> > # during install
>> > --
>> > 1.6.4.2
>> >
>>
>> --
>> Chris Cormack
>> Catalyst IT Ltd.
>> +64 4 803 2238
>> PO Box 11-053, Manners St, Wellington 6142, New Zealand
>>
>