Restriction IP (work in progress)

Alan Garcia 2011-05-03 07:25:51 +00:00
parent f746d671c3
commit 83da8361e0
5 changed files with 318 additions and 55 deletions

.gitattributes vendored

@ -310,6 +310,7 @@ bureau/class/hooks.php -text
bureau/class/lang_env.php -text
bureau/class/local.php -text
bureau/class/m_admin.php -text
bureau/class/m_authip.php -text
bureau/class/m_bro.php -text
bureau/class/m_dom.php -text
bureau/class/m_err.php -text


@ -5,26 +5,39 @@ include_once("head.php");
$fields = array (
"delete_id" => array ("get", "integer", ""),
"is_subnet" => array ("post", "string", ""),
"id" => array ("post", "integer", 0),
"ip" => array ("post", "string", ""),
"subnet" => array ("post", "integer" ,0),
"ipsub" => array ("post", "string", ""),
"infos" => array ("post", "string" ,""),
"s_ipsub" => array ("post", "integer", ""),
"s_protocol" => array ("post", "string", ""),
);
getFields($fields);
if (!empty($s_protocol)) {
$val="s_affect_".$s_protocol;
$fields = array( $val => Array('post','string', '') );
getFields($fields);
if (! $authip->ip_affected_save($s_ipsub, $s_protocol, $$val) ) {
$error="Error during ip_affected_save";
}
}
if (!empty($delete_id)) {
if (! $authip->ip_delete($delete_id)) {
$error="Error during recording";
}
}
if (!empty($is_subnet) && !empty($ip)) {
if (! $authip->ip_save($id, $ip, $subnet, $infos)) {
if (!empty($ipsub)) {
if (! $authip->ip_save($id, $ipsub, $infos)) {
$error="Error during recording";
}
}
$list_ip = $authip->list_ip();
$ac = $authip->get_auth_class();
$lac = $authip->list_affected();
?>
<h3><?php __("Access security"); ?></h3>
@ -35,6 +48,64 @@ if (!empty($is_subnet) && !empty($ip)) {
<p class="error"><?php echo $error ?></p>
<?php } ?>
<table>
<tr>
<th><?php __("Protocol");?></th>
<th><?php __("Target");?></th>
<th><?php __("IP address");?></th>
</tr>
<?php
foreach ($lac as $ll) {
echo "<tr>";
echo "<td>".$ac[$ll['protocol']]['name']."</td>";
echo "<td>".$ac[$ll['protocol']]['values'][$ll['parameters']]."</td>";
echo "<td>".$list_ip[$ll['authorised_ip_id']]['ip_human']."</td>";
echo "</tr>";
}
?>
</table>
</p>
<fieldset><legend><?php __("Add a new rule"); ?></legend>
<form method="post" action="ip_main.php" name="main" id="main">
<table>
<thead>
<th><?php __("Target"); ?></th>
<th><?php __("IP address (or subnet)"); ?></th>
<th/>
</thead>
<tbody>
<tr valign="top">
<td>
<?php foreach ($ac as $a) { ?>
<p>
<input type="radio" name="s_protocol" id="protocol_<?php echo htmlentities($a['protocol']);?>" value="<?php echo htmlentities($a['protocol']);?>" />
<label for="s_protocol_<?php echo htmlentities($a['protocol']);?>"><?php echo htmlentities($a['name']); ?></label>
<select name="s_affect_<?php echo htmlentities($a['protocol']);?>" id="s_affect_<?php echo htmlentities($a['protocol']);?>">
<?php foreach ($a['values'] as $k => $v) { ?>
<option value="<?php echo htmlentities($k); ?>"><?php echo htmlentities($v); ?></option>
<?php } ?>
</select>
</p>
<?php } ?>
</td><td valign="middle">
<p>
<select name="s_ipsub">
<?php foreach ($list_ip as $li) { ?>
<option value="<?php echo $li['id']; ?>"><?php echo htmlentities($li['infos']); echo " - ".$li['ip'] ; if (!($li['subnet']==32 || $li['subnet'] == 128)) echo "/".$li['subnet'];?></option>
<?php } ?>
</select>
</p>
</td>
<td valign=middle>
<input type="submit" class="inb" value="<?php __("Save")?>" />
</td>
</tr>
</tbody>
</table>
</form>
</fieldset>
<table>
<tr>
@ -44,7 +115,7 @@ if (!empty($is_subnet) && !empty($ip)) {
<td valign=top>
<table>
<tr><th><?php __("Type"); ?></th><th><?php __("IP"); ?></th><th><?php __("Informations"); ?></th><th colspan=2/></tr>
<?php foreach($authip->list_ip() as $i) {
<?php foreach($list_ip as $i) {
if (checkip($i['ip'])) {
if ($i['subnet']==32) {
$txt="Address IPv4";
@ -64,7 +135,7 @@ if (!empty($is_subnet) && !empty($ip)) {
}
echo "<tr><td>$txt</td><td>$ip</td><td>${i['infos']}</td>";
?>
<td><div class="ina"><a href="javascript:edit_ip(<?php echo "'".htmlentities($i['id'])."','".htmlentities($i['ip'])."','".htmlentities($i['subnet'])."','".htmlentities($i['infos'])."'"; ?>);"><img src="images/edit.png" alt="<?php __("Edit"); ?>" /><?php __("Edit"); ?></a></div></td>
<td><div class="ina"><a href="javascript:edit_ip(<?php echo "'".htmlentities($i['id'])."','".htmlentities($i['ip_human'])."','".htmlentities($i['infos'])."'"; ?>);"><img src="images/edit.png" alt="<?php __("Edit"); ?>" /><?php __("Edit"); ?></a></div></td>
<td><div class="ina"><a href="ip_main.php?delete_id=<?php echo urlencode($i["id"]) ?>"><img src="images/delete.png" alt="<?php __("Delete"); ?>" /><?php __("Delete"); ?></a></div></td>
</tr>
@ -73,22 +144,17 @@ if (!empty($is_subnet) && !empty($ip)) {
</td>
<td valign=top>
<fieldset>
<legend><a href='javascript:switch_from_add_ip();'><?php __("Add an IP");?></a> - <a href="javascript:edit_ip('','<?php echo htmlentities($_SERVER['REMOTE_ADDR'])."','".(checkip($_SERVER['REMOTE_ADDR'])?"32":"128")."','Home IP'";?>);" ><?php echo __("Add my actual IP"); ?></a></legend>
<legend><?php __("Add an IP");?> - <a href="javascript:edit_ip('','<?php echo htmlentities($_SERVER['REMOTE_ADDR'])."','Home IP'";?>);" ><?php echo __("Add my current IP"); ?></a></legend>
<span id="form_add_ip">
<form method="post" action="ip_main.php" name="main" id="main">
<p id="reset_edit_ip" style="display:none;"><a href="javascript:reset_edit_ip();"><?php __("Cancel edit")?></a></p>
<input type="hidden" name="id" value="" id="edit_id" >
<p><?php __("Do you want to add");?><br/>
<input type="radio" name="is_subnet" value="no" id="is_subnet_no" checked OnClick=$("#subnet_info").hide(); >
<label for="is_subnet_no"><?php __("Only 1 IP address");?></label><br/>
<input type="radio" name="is_subnet" value="yes" id="is_subnet_yes" OnClick=$("#subnet_info").show(); >
<label for="is_subnet_yes"><?php __("An entire subnet");?></label>
<p>
<?php __("Enter here the IP address you want. <br/> <i>IPv4, IPv6 and subnet allowed</i>"); ?> <br/>
<input type="text" size=20 maxlength=39 name="ipsub" id="edit_ip" />
</p>
<p>
<?php __("Enter here the address you want (IPv4 or IPv6)"); ?> <br/>
<input type="text" size=20 maxlength=39 name="ip" id="edit_ip" /><span id="subnet_info">/<input type="text" size=4 maxlength=3 name="subnet" id="edit_subnet" /></span>
</p>
<p>
<?php __("Add a commentary");?><br/>
<?php __("Add a comment");?><br/>
<input type="text" size=30 maxlength=200 name="infos" id="edit_infos" />
</p>
<input type="submit" class="inb" value="<?php __("Save")?>" />
@ -100,28 +166,20 @@ if (!empty($is_subnet) && !empty($ip)) {
</table>
<script type="text/javascript">
$("#subnet_info").hide();
$("#form_add_ip").hide();
function switch_from_add_ip() {
$("#form_add_ip").toggle();
function reset_edit_ip() {
$("#reset_edit_ip").hide();
$("#edit_id").val('');
$("#edit_ip").val('');
$("#edit_infos").val('');
}
function edit_ip(id, ip, subnet, infos) {
$("#form_add_ip").show();
$("#edit_id").val(id);
$("#edit_ip").val(ip);
$("#edit_subnet").val(subnet);
$("#edit_infos").val(infos);
if ( (subnet == 32) || (subnet == 128) ) {
$("is_subnet_no").attr('checked', true );
$("is_subnet_yes").attr('checked', false);
$("#subnet_info").hide();
} else {
$("is_subnet_no").attr('checked', false);
$("is_subnet_yes").attr('checked', true);
$("#subnet_info").show();
function edit_ip(id, iph, infos) {
if ( id != '' ) {
$("#reset_edit_ip").show();
}
$("#edit_id").val(id);
$("#edit_infos").val(infos);
$("#edit_ip").val(iph);
}
</script>
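Review bot: The rule-saving branch at the top of the file hands `$s_protocol`, `$$val` and `$s_ipsub` straight from POST to `ip_affected_save()` without checking that the protocol is one returned by `get_auth_class()`, that the target is one of that protocol's `values`, or that the IP id is in the current user's `list_ip()`; since `ip_affected_save()` (new in this commit) performs no ownership check either, a rule can be attached to an `authorised_ip` id belonging to someone else. Validate the triple against those two lists before saving, as below, so that the page rather than the model enforces the user's scope. Separately, the new rules table echoes `$ac[...]['name']`, the target value and `ip_human` without `htmlentities()`, and the rebuilt Edit link in the IP table relies on `htmlentities()` with default flags, which leaves `'` untouched inside the `edit_ip('…')` JavaScript string — use `htmlentities($i['infos'], ENT_QUOTES)` there (and on `ip_human`).
```php
if (!empty($s_protocol)) {
    $val="s_affect_".$s_protocol;
    $fields = array( $val => Array('post','string', '') );
    getFields($fields);
    $ac = $authip->get_auth_class();
    $list_ip = $authip->list_ip();
    // Only accept a protocol/target pair advertised by a module and an IP entry owned by this user
    if (!isset($ac[$s_protocol]['values'][$$val]) || !isset($list_ip[$s_ipsub])) {
        $error="Error: unknown protocol, target or IP address";
    } elseif (! $authip->ip_affected_save($s_ipsub, $s_protocol, $$val) ) {
        $error="Error during ip_affected_save";
    }
}
// … unchanged: delete_id and ipsub handling …
```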


@ -845,19 +845,19 @@ EOF;
$cachetime=3600; // The dns cache file can be up to 1H old
if ($alsocheck) {
if (!$forcecheck && file_exists($cachefile) && filemtime($cachefile)+$cachetime>time()) {
$checked=unserialize(file_get_contents($cachefile));
$checked=unserialize(file_get_contents($cachefile));
} else {
// TODO : do the check here (cf checkdom.php) and store it in $checked
$checked=$this->checkalldom();
file_put_contents($cachefile,serialize($checked));
// TODO : do the check here (cf checkdom.php) and store it in $checked
$checked=$this->checkalldom();
file_put_contents($cachefile,serialize($checked));
}
}
$db->query("SELECT m.login,d.domaine,d.gesdns,d.gesmx,d.noerase FROM domaines d LEFT JOIN membres m ON m.uid=d.compte ORDER BY domaine;");
while ($db->next_record()) {
$tmp=$db->Record;
if ($alsocheck) {
$tmp["errstr"]=$checked[$tmp["domaine"]]["errstr"];
$tmp["errno"]=$checked[$tmp["domaine"]]["errno"];
$tmp["errstr"]=$checked[$tmp["domaine"]]["errstr"];
$tmp["errno"]=$checked[$tmp["domaine"]]["errno"];
}
$c[]=$tmp;
}

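--- /dev/null
+++ b/bureau/class/m_authip.php
@@ -0,0 +1,189 @@
+<?php
+/*
+$Id: m_authip.php
+----------------------------------------------------------------------
+LICENSE
+This program is free software; you can redistribute it and/or
+modify it under the terms of the GNU General Public License (GPL)
+as published by the Free Software Foundation; either version 2
+of the License, or (at your option) any later version.
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+GNU General Public License for more details.
+To read the license please visit http://www.gnu.org/copyleft/gpl.html
+----------------------------------------------------------------------
+Original Author of file: Fufroma
+----------------------------------------------------------------------
+*/
+/**
+* Classe de gestion des IP authorisée
+**/
+class m_authip {
+// Return all the IP address define by this user
+function list_ip() {
+global $db, $cuid;
+$r = array();
+$db->query("SELECT * FROM authorised_ip WHERE uid='$cuid';");
+while ($db->next_record()) {
+$r[$db->f('id')]=$db->Record;
+if ( (checkip($db->f('ip')) && $db->f('subnet') == 32) ||
+(checkipv6($db->f('ip')) && $db->f('subnet') == 128) ) {
+$r[$db->f('id')]['ip_human']=$db->f('ip');
+} else {
+$r[$db->f('id')]['ip_human']=$db->f('ip')."/".$db->f('subnet');
+}
+}
+return $r;
+}
+// Delete an IP in authorised_ip
+function ip_delete($id) {
+global $db, $cuid;
+$id=intval($id);
+$db->query("SELECT id FROM authorised_ip_affected where authorised_ip_id ='$id';");
+while ($db->next_record()) {
+$this->ip_affected_delete($db->f('id'));
+}
+if (! $db->query("delete from authorised_ip where id='$id' and uid='$cuid' limit 1;") ) {
+echo "query failed: ".$db->Error;
+return false;
+}
+return true;
+}
+// Insert or update in authorised_ip
+function ip_save($id, $ipsub, $infos, $uid=null) {
+global $db, $mem;
+// If we ask for uid=0, we have to check to be super-user
+// else, juste use global cuid;
+if ($uid === 0 && $mem->checkRight() ) {
+$cuid=0;
+} else {
+global $cuid;
+}
+$id=intval($id);
+$infos=mysql_real_escape_string($infos);
+// Extract subnet from ipsub
+$tmp=explode('/',$ipsub);
+$ip=$tmp[0];
+$subnet=intval($tmp[1]);
+// Error if $ip not an IP
+if ( ! checkip($ip) && ! checkipv6($ip) ) {
+echo "Failed : not an IP address";
+return false;
+}
+// Check the subnet, if not defined, give a /32 or a /128
+if ( ! $subnet ) {
+if ( checkip($ip) ) $subnet=32;
+else $subnet=128;
+}
+// An IPv4 can't have subnet > 32
+if (checkip($ip) && $subnet > 32 ) $subnet=32;
+if ($id) { // Update
+if (! $db->query("update authorised_ip set ip='$ip', subnet='$subnet', infos='$infos' where id='$id' and uid='$cuid' ;") ) {
+echo "query failed: ".$db->Error;
+return false;
+}
+// TODO hooks update
+} else { // Insert
+if (! $db->query("insert into authorised_ip (uid, ip, subnet, infos) values ('$cuid', '$ip', '$subnet', '$infos' );") ) {
+echo "query failed: ".$db->Error;
+return false;
+}
+}
+return true;
+}
+// Function called by alternc when you delete a member
+function alternc_del_member($l_uid) {
+$db->query("SELECT id FROM authorised_ip WHERE uid ='$l_uid';");
+while ($db->next_record()) {
+$this->ip_delete($db->f('id'));
+}
+return true;
+}
+function get_auth_class() {
+global $classes;
+$authclass=array();
+foreach ($classes as $c) {
+global $$c;
+if ( method_exists($$c, "authip_class") ) {
+$a=$$c->authip_class();
+$a['class']=$c;
+$authclass[$a['protocol']]=$a;
+}
+}
+return $authclass;
+}
+// Save in ip_affected_save
+function ip_affected_save($authorised_ip_id, $protocol, $parameters, $id=null) {
+global $db;
+$authorised_ip_id=intval($authorised_ip_id);
+$protocol=mysql_real_escape_string($protocol);
+$parameters=mysql_real_escape_string($parameters);
+if ($id) {
+$id=intval($id);
+if (! $db->query("update authorised_ip_affected set authorised_ip_id='$authorised_ip_id', protocol='$protocol', parameters='$parameters' where id ='$id' limit 1;") ) {
+echo "query failed: ".$db->Error;
+return false;
+}
+// TODO hooks update
+} else {
+if (! $db->query("insert into authorised_ip_affected (authorised_ip_id, protocol, parameters) values ('$authorised_ip_id', '$protocol', '$parameters');") ) {
+echo "query failed: ".$db->Error;
+return false;
+}
+// TODO hooks insert
+}
+return true;
+}
+// Delete an IP in authorised_ip_affected
+function ip_affected_delete($id) {
+global $db;
+$id=intval($id);
+if (! $db->query("delete from authorised_ip_affected where id='$id' limit 1;") ) {
+echo "query failed: ".$db->Error;
+return false;
+}
+// TODO hooks delete
+return true;
+}
+function list_affected() {
+global $db, $cuid;
+$r = array();
+$db->query("SELECT * FROM authorised_ip_affected WHERE authorised_ip_id in (select id from authorised_ip where uid = '$cuid');");
+while ($db->next_record()) {
+$r[]=$db->Record;
+}
+return $r;
+}
+// TODO :
+// hooks on créations/update/delete
+}; /* Classe m_authip */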
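Review bot: `ip_delete()` deletes every `authorised_ip_affected` row for the given id before the `uid='$cuid'` condition on the `authorised_ip` row is ever applied, so any logged-in user can strip another user's access rules by submitting an id they do not own; `ip_affected_save()` has the same gap, storing any `authorised_ip_id` (and, with `$id`, updating any row) with no owner check at all. Verify ownership up front in `ip_delete()` as below, and apply the same check to `$authorised_ip_id` in `ip_affected_save()`, restricting its update branch to rows whose IP belongs to `$cuid`. `alternc_del_member()` also lacks `global $db;` and delegates to `ip_delete()`, whose final delete is scoped to the current `$cuid` rather than `$l_uid`, so the departing member's rows would not actually be removed. As a smaller point, `ip_save()` only caps the prefix length for IPv4: an IPv6 prefix above 128, or a negative value coming out of `intval()`, is stored as-is.
```php
function ip_delete($id) {
    global $db, $cuid;
    $id=intval($id);
    // Refuse to touch an entry that does not belong to the current user
    $db->query("SELECT id FROM authorised_ip WHERE id='$id' AND uid='$cuid';");
    if (! $db->next_record()) {
        return false;
    }
    $db->query("SELECT id FROM authorised_ip_affected where authorised_ip_id ='$id';");
    // … unchanged: delete the affected rows, then the authorised_ip row …
}
```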


@ -56,6 +56,21 @@ class m_ftp {
}
// Return the values needed to activate security access. See get_auth_class()
// in authip for more informations
function authip_class() {
$c = Array();
$c['name']="FTP";
$c['protocol']="ftp";
$c['values']=Array();
foreach ($this->get_list() as $v ) {
$c['values'][$v['id']]=$v['login'];
}
return $c;
}
/* ----------------------------------------------------------------- */
/** Retourne la liste des comptes FTP du compte hébergé
* Retourne la liste des comptes FTP sous forme de tableau indexé de
@ -73,12 +88,12 @@ class m_ftp {
$db->query("SELECT id, name, homedir FROM ftpusers WHERE uid='$cuid' ORDER BY homedir;");
if ($db->num_rows()) {
while ($db->next_record()) {
// On passe /var/alternc/html/u/user
$tr=preg_match("/^\/var\/alternc\/html\/.\/[^\/]*\/(.*)$/", $db->f("homedir"),$match); /* " */
$r[]=array(
"id"=>$db->f("id"),
"login"=>$db->f("name"),
"dir"=>$match[1]
// On passe /var/alternc/html/u/user
$tr=preg_match("/^\/var\/alternc\/html\/.\/[^\/]*\/(.*)$/", $db->f("homedir"),$match); /* " */
$r[]=array(
"id"=>$db->f("id"),
"login"=>$db->f("name"),
"dir"=>$match[1]
);
}
return $r;
@ -104,8 +119,8 @@ class m_ftp {
$tr=preg_match("/^\/var\/alternc\/html\/.\/[^\/]*\/(.*)$/", $db->f("homedir"),$match); /*"*/
$lg=explode("_",$db->f("name"));
if (!is_array($lg)) {
$lg[0]=$db->f("name");
$lg[1]="";
$lg[0]=$db->f("name");
$lg[1]="";
}
return array(
"id"=>$db->f("id"),
@ -200,9 +215,9 @@ class m_ftp {
// Check this password against the password policy using common API :
if (is_callable(array($admin,"checkPolicy"))) {
if (!$admin->checkPolicy("ftp",$prefixe.$login,$pass)) {
return false; // The error has been raised by checkPolicy()
}
if (!$admin->checkPolicy("ftp",$prefixe.$login,$pass)) {
return false; // The error has been raised by checkPolicy()
}
}
$db->query("UPDATE ftpusers SET name='".$prefixe.$login."', password='', encrypted_password=ENCRYPT('$pass'), homedir='/var/alternc/html/$l/$lo/$dir', uid='$cuid' WHERE id='$id';");
@ -276,7 +291,7 @@ class m_ftp {
// Check this password against the password policy using common API :
if (is_callable(array($admin,"checkPolicy"))) {
if (!$admin->checkPolicy("ftp",$prefixe.$login,$pass)) {
return false; // The error has been raised by checkPolicy()
return false; // The error has been raised by checkPolicy()
}
}
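Review bot: The new `authip_class()` iterates `foreach ($this->get_list() as $v)` with no guard, but the part of `get_list()` visible in the next hunk only returns `$r` inside `if ($db->num_rows())`; if the branch outside the hunk returns `false` for a user with no FTP accounts, the `foreach` emits a warning and the method still needs to return a usable, empty `values` array. A one-line guard covers it: `foreach ((array) $this->get_list() as $v ) {`. Please also add a short comment on the method stating that the keys of `values` are FTP account ids, since those keys are what `ip_affected_save()` stores as `parameters`.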