2011-05-03 07:25:51 +00:00
< ? php
2015-09-25 15:42:00 +00:00
2017-10-08 17:31:34 +00:00
/*
2017-10-06 21:42:39 +00:00
----------------------------------------------------------------------
LICENSE
This program is free software ; you can redistribute it and / or
modify it under the terms of the GNU General Public License ( GPL )
as published by the Free Software Foundation ; either version 2
of the License , or ( at your option ) any later version .
This program is distributed in the hope that it will be useful ,
but WITHOUT ANY WARRANTY ; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
GNU General Public License for more details .
To read the license please visit http :// www . gnu . org / copyleft / gpl . html
----------------------------------------------------------------------
*/
2015-09-25 15:42:00 +00:00
2011-05-03 07:25:51 +00:00
/**
2017-10-08 17:31:34 +00:00
* Authorized - ip class
*
* @ copyright AlternC - Team 2000 - 2017 https :// alternc . com /
*/
2011-05-03 07:25:51 +00:00
class m_authip {
2017-10-08 17:31:34 +00:00
2015-09-25 15:42:00 +00:00
/**
* Retourne la liste des ip whitelist
*
* @ global m_mem $mem
* @ return array retourne un tableau indexé des ip de l ' utilisateur
*/
function list_ip_whitelist () {
global $mem ;
if ( ! $mem -> checkRight ()) {
return false ;
}
return $this -> list_ip ( true );
2011-05-16 11:57:13 +00:00
}
2011-05-03 07:25:51 +00:00
2017-10-08 17:31:34 +00:00
2015-09-25 15:42:00 +00:00
/**
*
* @ return array
*/
function hook_menu () {
$obj = array (
'title' => _ ( " FTP Access Security " ),
'link' => 'ip_main.php' ,
'pos' => 120 ,
);
return $obj ;
2011-06-03 17:08:44 +00:00
}
2015-09-25 15:42:00 +00:00
2017-10-08 17:31:34 +00:00
2015-09-25 15:42:00 +00:00
/**
* Retourne la liste des ip spécifiées par cet utilisateur
*
*
* @ global m_mysql $db
* @ global m_mem $mem
* @ global int $cuid
* @ param boolean $whitelist
* @ return array Retourne un tableau indexé des ip de l ' utilisateur
*/
function list_ip ( $whitelist = false ) {
global $db , $mem ;
if ( $whitelist && $mem -> checkRight ()) {
$cuid = 0 ;
} else {
global $cuid ;
}
$r = array ();
2016-05-17 15:21:08 +00:00
$db -> query ( " SELECT * FROM authorised_ip WHERE uid= ? order by ip,subnet; " , array ( $cuid ));
2015-09-25 15:42:00 +00:00
while ( $db -> next_record ()) {
$r [ $db -> f ( 'id' )] = $db -> Record ;
if (( checkip ( $db -> f ( 'ip' )) && $db -> f ( 'subnet' ) == 32 ) ||
2017-10-06 21:42:39 +00:00
( checkipv6 ( $db -> f ( 'ip' )) && $db -> f ( 'subnet' ) == 128 )) {
2015-09-25 15:42:00 +00:00
$r [ $db -> f ( 'id' )][ 'ip_human' ] = $db -> f ( 'ip' );
} else {
$r [ $db -> f ( 'id' )][ 'ip_human' ] = $db -> f ( 'ip' ) . " / " . $db -> f ( 'subnet' );
}
}
return $r ;
2011-06-03 17:08:44 +00:00
}
2015-09-25 15:42:00 +00:00
2017-10-08 17:31:34 +00:00
2015-09-25 15:42:00 +00:00
/**
* Supprime une IP des IP de l ' utilisateur
* et supprime les droits attaché en cascade
*
* @ param integer $id
* @ return boolean
*
* @ global m_mysql $db
* @ global int $cuid
* @ param int $id id de la ligne à supprimer
* @ return boolean Retourne FALSE si erreur , sinon TRUE
*/
function ip_delete ( $id ) {
2017-08-17 01:32:18 +00:00
global $db , $cuid , $msg ;
2015-09-25 15:42:00 +00:00
$id = intval ( $id );
2016-05-17 15:21:08 +00:00
$db -> query ( " SELECT id FROM authorised_ip_affected where authorised_ip_id = ?; " , array ( $id ));
2015-09-25 15:42:00 +00:00
while ( $db -> next_record ()) {
$this -> ip_affected_delete ( $db -> f ( 'id' ));
}
2016-05-17 15:21:08 +00:00
if ( ! $db -> query ( " delete from authorised_ip where id= ? and ( uid= ? or uid=0) limit 1; " , array ( $id , $cuid ))) {
2017-10-06 16:04:36 +00:00
$msg -> raise ( " ERROR " , 'authip' , _ ( " query failed: " . $db -> Error ));
2015-09-25 15:42:00 +00:00
return false ;
}
return true ;
2011-05-03 07:25:51 +00:00
}
2017-10-08 17:31:34 +00:00
2015-09-25 15:42:00 +00:00
/**
* Liste les IP et subnet authorisés
* pour une classe donnée
*
* @ global m_mysql $db
* @ global int $cuid
* @ param string $s Classe concernée
* @ return array
*/
function get_allowed ( $s ) {
2017-08-17 01:32:18 +00:00
global $db , $cuid , $msg ;
2016-05-17 15:21:08 +00:00
if ( ! $db -> query ( " select ai.ip, ai.subnet, ai.infos, aia.parameters from authorised_ip ai, authorised_ip_affected aia where aia.protocol= ? and aia.authorised_ip_id = ai.id and ai.uid= ?; " , array ( $s , $cuid ))) {
2017-10-06 16:04:36 +00:00
$msg -> raise ( " ERROR " , 'authip' , _ ( " query failed: " . $db -> Error ));
2015-09-25 15:42:00 +00:00
return false ;
}
$r = Array ();
while ( $db -> next_record ()) {
$r [] = Array ( " ip " => $db -> f ( " ip " ), " subnet " => $db -> f ( " subnet " ), " infos " => $db -> f ( " infos " ), " parameters " => $db -> f ( " parameters " ));
}
return $r ;
2011-05-03 07:25:51 +00:00
}
2017-10-08 17:31:34 +00:00
2015-09-25 15:42:00 +00:00
/**
*
* @ global m_mysql $db
* @ param string $ip
* @ return boolean
*/
function is_wl ( $ip ) {
2017-08-17 01:32:18 +00:00
global $db , $msg ;
2015-09-25 15:42:00 +00:00
if ( ! $db -> query ( " select ai.ip, ai.subnet from authorised_ip ai where ai.uid='0'; " )) {
2017-10-06 16:04:36 +00:00
$msg -> raise ( " ERROR " , 'authip' , _ ( " query failed: " . $db -> Error ));
2015-09-25 15:42:00 +00:00
return false ;
}
while ( $db -> next_record ()) {
if ( $this -> is_in_subnet ( $ip , $db -> f ( 'ip' ), $db -> f ( 'subnet' )))
return true ;
}
2011-05-03 07:25:51 +00:00
return false ;
}
2015-09-25 15:42:00 +00:00
2017-10-08 17:31:34 +00:00
2015-09-25 15:42:00 +00:00
/**
* Retourne si l ' ip appartient au subnet .
*
* @ param string $o
* @ param string $ip
* @ param string $sub
* @ return boolean
*/
function is_in_subnet ( $o , $ip , $sub ) {
$o = inet_pton ( $o );
$ip = inet_pton ( $ip );
$sub = pow ( 2 , $sub );
if ( $o >= $ip && $o <= ( $ip + $sub )) {
return true ;
}
return false ;
2011-05-03 07:25:51 +00:00
}
2015-09-25 15:42:00 +00:00
2017-10-08 17:31:34 +00:00
2015-09-25 15:42:00 +00:00
/**
* Sauvegarde une IP dans les IP TOUJOURS authorisée
*
* @ global m_mem $mem
*/
function ip_save_whitelist ( $id , $ipsub , $infos ) {
global $mem ;
if ( ! $mem -> checkRight ()) {
return false ;
}
return $this -> ip_save ( $id , $ipsub , $infos , 0 );
2011-05-03 07:25:51 +00:00
}
2011-11-08 16:06:35 +00:00
2017-10-08 17:31:34 +00:00
2015-09-25 15:42:00 +00:00
/**
* Sauvegarde une IP dans les IP authorisée
*
* @ global m_mysql $db
* @ global m_mem $mem
* @ global int $cuid
* @ param int $id id de la ligne à modifier . Si vide ou
* égal à 0 , alors c ' est une insertion
* @ param string $ipsub IP ( v4 ou v6 ), potentiellement avec un subnet ( / 24 )
* @ param string $infos Commentaire pour l ' utilisateur
* @ param int $uid Si $uid = 0 et qu ' on est super - admin , insertion avec uid = 0
* ce qui correspond a une ip toujours authorisée
* @ return boolean Retourne FALSE si erreur , sinon TRUE
*
*/
function ip_save ( $id , $ipsub , $infos , $uid = null ) {
2017-08-17 01:32:18 +00:00
global $db , $mem , $msg ;
2015-09-25 15:42:00 +00:00
// If we ask for uid=0, we have to check to be super-user
// else, juste use global cuid;
if ( $uid === 0 && $mem -> checkRight ()) {
$cuid = 0 ;
} else {
global $cuid ;
}
$id = intval ( $id );
2017-10-06 21:42:39 +00:00
$infos = $db -> quote ( trim ( $infos ));
2015-09-25 15:42:00 +00:00
// Extract subnet from ipsub
$tmp = explode ( '/' , $ipsub );
$ip = $tmp [ 0 ];
// Error if $ip not an IP
if ( ! checkip ( $ip ) && ! checkipv6 ( $ip )) {
2017-10-06 16:04:36 +00:00
$msg -> raise ( " ERROR " , 'authip' , _ ( " Failed : not an IP address " ));
2015-09-25 15:42:00 +00:00
return false ;
}
// Check the subnet, if not defined, give a /32 or a /128
if ( isset ( $tmp [ 1 ])) {
$subnet = intval ( $tmp [ 1 ]);
} else {
if ( checkip ( $ip )) {
$subnet = 32 ;
} else {
$subnet = 128 ;
}
}
// An IPv4 can't have subnet > 32
if ( checkip ( $ip ) && $subnet > 32 ) {
$subnet = 32 ;
}
if ( $id ) { // Update
$list_affected = $this -> list_affected ( $id );
foreach ( $list_affected as $k => $v ) {
$this -> call_hooks ( " authip_on_delete " , $k );
}
2017-08-17 01:32:18 +00:00
if ( ! $db -> query ( " update authorised_ip set ip= ?, subnet= ?, infos= ? where id= ? and uid=? ; " , array ( $ip , $subnet , $infos , $id , $cuid ))) {
2017-10-06 16:04:36 +00:00
$msg -> raise ( " ERROR " , 'authip' , _ ( " query failed: " . $db -> Error ));
2015-09-25 15:42:00 +00:00
return false ;
}
foreach ( $list_affected as $k => $v ) {
$this -> call_hooks ( " authip_on_create " , $k );
}
} else { // Insert
2016-05-17 15:21:08 +00:00
if ( ! $db -> query ( " insert into authorised_ip (uid, ip, subnet, infos) values (?, ?, ?, ?); " , array ( $cuid , $ip , $subnet , $infos ))) {
2017-10-06 16:04:36 +00:00
$msg -> raise ( " ERROR " , 'authip' , _ ( " query failed: " . $db -> Error ));
2015-09-25 15:42:00 +00:00
return false ;
}
}
return true ;
2011-05-03 07:25:51 +00:00
}
2015-09-25 15:42:00 +00:00
2017-10-08 17:31:34 +00:00
2015-09-25 15:42:00 +00:00
/**
* Fonction appelée par Alternc lors de la suppression d ' un utilisateur
*
* @ global int $cuid
* @ global m_mysql $db
* @ return boolean Retourne TRUE
*/
function alternc_del_member () {
global $cuid , $db ;
2016-05-17 15:21:08 +00:00
$db -> query ( " SELECT id FROM authorised_ip WHERE uid = ?; " , array ( $cuid ));
2015-09-25 15:42:00 +00:00
while ( $db -> next_record ()) {
$this -> ip_delete ( $db -> f ( 'id' ));
}
return true ;
2011-05-03 07:25:51 +00:00
}
2015-09-25 15:42:00 +00:00
2017-10-08 17:31:34 +00:00
2015-09-25 15:42:00 +00:00
/**
* Analyse les classes et récupéres les informations
* des classes voulant de la restriction IP
*
* @ return array Retourne un tableau compliqué
*/
function get_auth_class () {
global $hooks ;
$authclass = $hooks -> invoke ( 'authip_class' );
// Je rajoute la class DANS l'objet parce que
// ca m'interesse
foreach ( $authclass as $k => $v ) {
$authclass [ $k ][ 'class' ] = $k ;
}
return $authclass ;
2013-02-01 09:12:55 +00:00
}
2017-10-08 17:31:34 +00:00
2015-09-25 15:42:00 +00:00
/**
* Enregistre ou modifie une affectation ip <=> ressource
* Nota : lance des hooks sur la classe correspondante pour
* informer de l ' édition / création
*
* @ global m_mysql $db
* @ param int $authorised_ip_id id de l ' ip affecté
* @ param string $protocol nom du protocole ( définie dans la classe correspondante )
* @ param string $parameters information propre au protocole
* @ param int $id $id présent si c ' est une édition
* @ return boolean Retourne FALSE si erreur , sinon TRUE
*/
function ip_affected_save ( $authorised_ip_id , $protocol , $parameters , $id = null ) {
2017-08-17 01:32:18 +00:00
global $db , $msg ;
2015-09-25 15:42:00 +00:00
$authorised_ip_id = intval ( $authorised_ip_id );
if ( $id ) {
$id = intval ( $id );
$this -> call_hooks ( " authip_on_delete " , $id );
2016-05-17 15:21:08 +00:00
if ( ! $db -> query ( " update authorised_ip_affected set authorised_ip_id= ?, protocol= ?, parameters= ? where id = ? limit 1; " , array ( $authorised_ip_id , $protocol , $parameters , $id ))) {
2017-10-06 16:04:36 +00:00
$msg -> raise ( " ERROR " , 'authip' , _ ( " query failed: " . $db -> Error ));
2015-09-25 15:42:00 +00:00
return false ;
}
$this -> call_hooks ( " authip_on_create " , $id );
} else {
2016-05-17 15:21:08 +00:00
if ( ! $db -> query ( " insert into authorised_ip_affected (authorised_ip_id, protocol, parameters) values (?, ?, ?); " , array ( $authorised_ip_id , $protocol , $parameters ))) {
2017-10-06 16:04:36 +00:00
$msg -> raise ( " ERROR " , 'authip' , _ ( " query failed: " . $db -> Error ));
2015-09-25 15:42:00 +00:00
return false ;
}
2016-05-18 10:51:03 +00:00
$this -> call_hooks ( " authip_on_create " , $db -> lastid ());
2015-09-25 15:42:00 +00:00
}
return true ;
}
2011-11-08 16:06:35 +00:00
2017-10-08 17:31:34 +00:00
2015-09-25 15:42:00 +00:00
/**
* Supprime une affectation ip <=> ressource
* Nota : lance des hooks dans la classe correspondante
* pour informer de la suppression
*
* @ global m_mysql $db
* @ param int $id id de la ligne à supprimer
* @ return boolean Retourne FALSE si erreur , sinon TRUE
*/
function ip_affected_delete ( $id ) {
2017-08-17 01:32:18 +00:00
global $db , $msg ;
2015-09-25 15:42:00 +00:00
$id = intval ( $id );
// Call hooks
$this -> call_hooks ( " authip_on_delete " , $id );
2016-05-17 15:21:08 +00:00
if ( ! $db -> query ( " delete from authorised_ip_affected where id= ? limit 1; " , array ( $id ))) {
2017-10-06 16:04:36 +00:00
$msg -> raise ( " ERROR " , 'authip' , _ ( " query failed: " . $db -> Error ));
2015-09-25 15:42:00 +00:00
return false ;
}
return true ;
2013-02-01 09:12:55 +00:00
}
2015-09-25 15:42:00 +00:00
2017-10-08 17:31:34 +00:00
2015-09-25 15:42:00 +00:00
/**
* Appel les hooks demandé avec en parametres les
* affectationt ip <=> ressource dont l ' id est en parametre
*
* @ global m_hooks $hooks
2017-08-17 01:32:18 +00:00
* @ global m_messages $msg
2015-09-25 15:42:00 +00:00
* @ param string $function Nom de la fonction a rechercher et appeller dans les classes
* @ param integer $affectation_id Id de l ' affectation correspondante
* @ return boolean Retourne TRUE
*/
function call_hooks ( $function , $affectation_id ) {
2017-08-17 01:32:18 +00:00
global $hooks , $msg ;
2015-09-25 15:42:00 +00:00
// On récure l'objet dont on parle
$d = $this -> list_affected ();
if ( ! isset ( $d [ $affectation_id ])) {
2017-10-06 16:04:36 +00:00
$msg -> raise ( " ERROR " , 'authip' , _ ( " Object not available " ));
2015-09-25 15:42:00 +00:00
return false ;
}
$affectation = $d [ $affectation_id ];
// On en déduis la classe qui le concerne
$e = $this -> get_auth_class ();
if ( ! isset ( $e [ $affectation [ 'protocol' ]])) {
2017-10-06 16:04:36 +00:00
$msg -> raise ( " ERROR " , 'authip' , sprintf ( _ ( " Can't identified class for the protocole %s " ), $affectation [ 'protocol' ]));
2015-09-25 15:42:00 +00:00
return false ;
}
$c = $e [ $affectation [ 'protocol' ]][ 'class' ];
// On appelle le hooks de cette classe
$hooks -> invoke ( $function , Array ( $affectation ), Array ( $c ));
return true ;
2011-05-03 19:03:43 +00:00
}
2015-09-25 15:42:00 +00:00
2017-10-08 17:31:34 +00:00
2015-09-25 15:42:00 +00:00
/**
* Liste les affectation ip <=> ressource d ' un utilisateur
*
* @ global m_mysql $db
* @ global int $cuid
* @ param int $ip_id
* @ return array Retourne un tableau de valeurs
*/
function list_affected ( $ip_id = null ) {
global $db , $cuid ;
$r = array ();
if ( is_null ( $ip_id )) {
2016-05-17 15:21:08 +00:00
$db -> query ( " select aia.* from authorised_ip_affected aia, authorised_ip ai where ai.uid= ? and aia.authorised_ip_id = ai.id order by protocol, parameters; " , array ( $cuid ));
2015-09-25 15:42:00 +00:00
} else {
2016-05-17 15:21:08 +00:00
$db -> query ( " select aia.* from authorised_ip_affected aia, authorised_ip ai where ai.uid= ? and aia.authorised_ip_id = ? order by protocol, parameters; " , array ( $cuid , intval ( $ip_id )));
2015-09-25 15:42:00 +00:00
}
while ( $db -> next_record ()) {
$r [ $db -> f ( 'id' )] = $db -> Record ;
}
return $r ;
2011-05-03 07:25:51 +00:00
}
2017-10-08 17:31:34 +00:00
} /* Class m_authip */
2012-04-06 10:10:36 +00:00