added host restriction
parent
f49bf6944f
commit
185d3fd2ce
|
@ -134,6 +134,8 @@ $helpArray = array (
|
|||
"Text" => _("Please select your prefered log level. Messages with a lower level will not be logged.")),
|
||||
"240" => array ("ext" => "FALSE", "Headline" => _("Log destination"),
|
||||
"Text" => _("Here you can select where LAM should save its log messages. System logging will go to Syslog on Unix systems and event log on Windows. You can also select an extra file.")),
|
||||
"241" => array ("ext" => "FALSE", "Headline" => _("Allowed hosts"),
|
||||
"Text" => _("This is a list of IP addresses from hosts who may access LAM. You can use \"*\" as wildcard (e.g. 192.168.0.*).")),
|
||||
"250" => array ("ext" => "FALSE", "Headline" => _("Account lists - Filters"),
|
||||
"Text" => _("Here you can input small filter expressions (e.g. 'value' or 'v*'). LAM will filter case-insensitive.")),
|
||||
// 300 - 399
|
||||
|
|
|
@ -728,8 +728,12 @@ class CfgMain {
|
|||
/** log destination ("SYSLOG":syslog, "/...":file, "NONE":none) */
|
||||
var $logDestination;
|
||||
|
||||
/** list of hosts which may access LAM */
|
||||
var $allowedHosts;
|
||||
|
||||
/** list of data fields to save in config file */
|
||||
var $settings = array("password", "default", "sessionTimeout", "logLevel", "logDestination");
|
||||
var $settings = array("password", "default", "sessionTimeout",
|
||||
"logLevel", "logDestination", "allowedHosts");
|
||||
|
||||
/**
|
||||
* Loads preferences from config file
|
||||
|
@ -739,6 +743,7 @@ class CfgMain {
|
|||
$this->sessionTimeout = 30;
|
||||
$this->logLevel = LOG_NOTICE;
|
||||
$this->logDestination = "SYSLOG";
|
||||
$this->allowedHosts = "";
|
||||
$this->reload();
|
||||
}
|
||||
|
||||
|
@ -809,6 +814,7 @@ class CfgMain {
|
|||
if (!in_array("sessionTimeout", $saved)) array_push($file_array, "\n\n# session timeout in minutes\n" . "sessionTimeout: " . $this->sessionTimeout);
|
||||
if (!in_array("logLevel", $saved)) array_push($file_array, "\n\n# log level\n" . "logLevel: " . $this->logLevel);
|
||||
if (!in_array("logDestination", $saved)) array_push($file_array, "\n\n# log destination\n" . "logDestination: " . $this->logDestination);
|
||||
if (!in_array("allowedHosts", $saved)) array_push($file_array, "\n\n# list of hosts which may access LAM\n" . "allowedHosts: " . $this->allowedHosts);
|
||||
$file = @fopen($conffile, "w");
|
||||
if ($file) {
|
||||
for ($i = 0; $i < sizeof($file_array); $i++) fputs($file, $file_array[$i]);
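Review bot: The doc comment on `$allowedHosts` says neither what format the value has nor what the empty default means, and the `""` assigned in the initialisation hunk switches the restriction off entirely (checkClientIP on this page returns early for an empty string). I would state that on the property, e.g. `/** comma separated list of IP addresses which may access LAM ("*" is a wildcard, empty string = no restriction) */`. The save hunk writes the value into the config file verbatim, so it depends on the form handler for validation; the surrounding save function starts and ends outside the hunk.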
|
||||
|
|
|
@ -33,6 +33,9 @@ include_once('config.inc');
|
|||
/** ldap connection */
|
||||
include_once('ldap.inc');
|
||||
|
||||
// check client IP address
|
||||
checkClientIP();
|
||||
|
||||
/**
|
||||
* Starts a session and checks the environment.
|
||||
* The script is stopped if one of the checks fail.
|
||||
|
@ -72,27 +75,26 @@ function startSecureSession() {
|
|||
*
|
||||
*/
|
||||
function checkClientIP() {
|
||||
|
||||
$cfg = new CfgMain();
|
||||
$allowedHosts = $cfg->allowedHosts;
|
||||
// skip test if no hosts are defined
|
||||
if ($allowedHosts == "") return;
|
||||
$allowedHosts = explode(",", $allowedHosts);
|
||||
$grantAccess = false;
|
||||
for ($i = 0; $i < sizeof($allowedHosts); $i++) {
|
||||
$host = $allowedHosts[$i];
|
||||
$ipRegex = '^[0-9\\.\\*]+$';
|
||||
if (!ereg($ipRegex, $host)) continue;
|
||||
$hostRegex = str_replace(".", "\\.", $host);
|
||||
$hostRegex = '^' . str_replace("*", ".*", $hostRegex) . '$';
|
||||
$clientIP = $_SERVER['REMOTE_ADDR'];
|
||||
if (ereg($hostRegex, $clientIP)) {
|
||||
// client is allowed to access LAM
|
||||
$grantAccess = true;
|
||||
}
|
||||
|
||||
/**
|
||||
* Checks if the user is allowed to access LAM at this time.
|
||||
* The script is stopped if time is exceeded.
|
||||
*
|
||||
* @param unknown_type $dn
|
||||
*/
|
||||
function checkUserTime($dn) {
|
||||
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns a list of DNs of valid LAM users.
|
||||
*
|
||||
* @param string $dn configuration DN
|
||||
* @return array $dn user list
|
||||
*/
|
||||
function getValidUserDNs($dn) {
|
||||
return array("uid=test,o=test", "uid=test2,o=test");
|
||||
// stop script is client may not access LAM
|
||||
if (!$grantAccess) die();
|
||||
}
|
||||
|
||||
/**
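Review bot: A client rejected at `if (!$grantAccess) die();` gets an empty response, presumably with the default status, and nothing is recorded, so a blocked or misconfigured host looks like a broken page and denied attempts leave no trail. Consider sending `header('HTTP/1.0 403 Forbidden');` before stopping and writing the rejected `$_SERVER['REMOTE_ADDR']` through the logging that CfgMain already configures (the logging call itself is not visible on this page). Note also that `REMOTE_ADDR` is the reverse proxy's address when LAM sits behind one, and that the `^[0-9\\.\\*]+$` entry format cannot express IPv6 clients, so those are always refused once the list is non-empty; both deserve a line in the function's doc comment. The doc comment of checkClientIP begins outside the hunk.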
|
||||
|
|
|
@ -89,6 +89,27 @@ if ($_POST['submit']) {
|
|||
}
|
||||
// set session timeout
|
||||
$cfg->sessionTimeout = $_POST['sessionTimeout'];
|
||||
// set allowed hosts
|
||||
if (isset($_POST['allowedHosts'])) {
|
||||
$allowedHosts = $_POST['allowedHosts'];
|
||||
$allowedHostsList = explode("\n", $allowedHosts);
|
||||
for ($i = 0; $i < sizeof($allowedHostsList); $i++) {
|
||||
$allowedHostsList[$i] = trim($allowedHostsList[$i]);
|
||||
// ignore empty lines
|
||||
if ($allowedHostsList[$i] == "") {
|
||||
unset($allowedHostsList[$i]);
|
||||
continue;
|
||||
}
|
||||
// check each line
|
||||
$ipRegex = '^[0-9\\.\\*]+$';
|
||||
if (!ereg($ipRegex, $allowedHostsList[$i]) || (strlen($allowedHostsList[$i]) > 15)) {
|
||||
$errors[] = sprintf(_("The IP address %s is invalid!"), $allowedHostsList[$i]);
|
||||
}
|
||||
}
|
||||
$allowedHosts = implode(",", $allowedHostsList);
|
||||
}
|
||||
else $allowedHosts = "";
|
||||
$cfg->allowedHosts = $allowedHosts;
|
||||
// set log level
|
||||
$cfg->logLevel = $_POST['logLevel'];
|
||||
// set log destination
|
||||
|
@ -118,7 +139,7 @@ if ($_POST['submit']) {
|
|||
<br>
|
||||
<!-- form for adding/renaming/deleting profiles -->
|
||||
<form action="mainmanage.php" method="post">
|
||||
<table border="0">
|
||||
<table border="0" align="center">
|
||||
<tr><td>
|
||||
<fieldset>
|
||||
<legend><b> <?php echo _("Security settings"); ?> </b></legend>
|
||||
|
@ -126,8 +147,10 @@ if ($_POST['submit']) {
|
|||
<table cellspacing="0" border="0">
|
||||
<!-- session timeout -->
|
||||
<tr>
|
||||
<td align="right">
|
||||
<td align="left">
|
||||
<?php echo _("Session timeout"); ?>
|
||||
</td>
|
||||
<td>
|
||||
<SELECT name="sessionTimeout">
|
||||
<?php
|
||||
$options = array(5, 10, 20, 30, 60);
|
||||
|
@ -151,6 +174,23 @@ if ($_POST['submit']) {
|
|||
?>
|
||||
</td>
|
||||
</tr>
|
||||
<!-- allowed hosts -->
|
||||
<tr>
|
||||
<td align="left">
|
||||
<?php echo _("Allowed hosts"); ?>
|
||||
</td>
|
||||
<td>
|
||||
<TEXTAREA cols="30" rows="7" name="allowedHosts"><?php echo implode("\n", explode(",", $cfg->allowedHosts)); ?></TEXTAREA>
|
||||
</td>
|
||||
<td>
|
||||
<?PHP
|
||||
// help link
|
||||
echo "<a href=\"../help.php?HelpNumber=241\" target=\"lamhelp\">";
|
||||
echo "<img src=\"../../graphics/help.png\" alt=\"" . _('Help') . "\" title=\"" . _('Help') . "\">";
|
||||
echo "</a>\n";
|
||||
?>
|
||||
</td>
|
||||
</tr>
|
||||
</table>
|
||||
</fieldset>
|
||||
<BR>
|
||||
|
@ -279,10 +319,13 @@ if ($_POST['submit']) {
|
|||
</table>
|
||||
</fieldset>
|
||||
</td></tr>
|
||||
</table>
|
||||
<TR>
|
||||
<TD>
|
||||
<BR>
|
||||
|
||||
<input type="submit" name="submit" value=" <?php echo _("Ok"); ?> ">
|
||||
</TD>
|
||||
</TR>
|
||||
</table>
|
||||
|
||||
</form>
|
||||
<p><br></p>
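Review bot: The validation loop re-evaluates `sizeof($allowedHostsList)` on every pass while `unset($allowedHostsList[$i])` shrinks the array, so each removed empty line makes the loop stop one index early and the last entries are neither trimmed nor checked against `$ipRegex`. Take the count once before the loop, `$count = sizeof($allowedHostsList);` then `for ($i = 0; $i < $count; $i++)`, so every line is validated. The result is assigned to `$cfg->allowedHosts` even when `$errors` is non-empty; whether saving is skipped in that case is decided outside this hunk and should be confirmed. Because the stored value is later echoed into the TEXTAREA unescaped, that output should go through `htmlspecialchars()` as well.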
|
||||
|
|